Message-ID: <55034721.6000202@redhat.com>
Date: Fri, 13 Mar 2015 14:22:57 -0600
From: Eric Blake
In-Reply-To: <1426277380-25665-1-git-send-email-armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption
To: Markus Armbruster, qemu-devel@nongnu.org
Cc: kwolf@redhat.com, stefanha@redhat.com, qemu-block@nongnu.org

On 03/13/2015 02:09 PM, Markus Armbruster wrote:
> We've steered users away from QCOW/QCOW2 encryption for a while,
> because it's a flawed design (commit 136cd19 Describe flaws in
> qcow/qcow2 encryption in the docs).
>
> In addition to flawed crypto, we have comically bad usability, and
> plain old bugs. Let me show you.
>
> This stuff is worse than useless, it's a trap for users.
>
> If people become sufficiently interested in encrypted images to
> contribute a cryptographically sane implementation for QCOW2 (or
> whatever other format), then rewriting the necessary support around it
> from scratch will likely be easier and yield better results than
> fixing up the existing mess.
>
> Let's deprecate the mess now, drop it after a grace period, and move
> on.
>
> Signed-off-by: Markus Armbruster
> ---
> block.c | 7 +++++++
> qemu-doc.texi | 11 ++++++-----
> tests/qemu-iotests/049.out | 6 ++++++
> tests/qemu-iotests/087.out | 18 ++++++++++++++++++
> 4 files changed, 37 insertions(+), 5 deletions(-)

Worth having in 2.3.

Reviewed-by: Eric Blake

> +++ b/qemu-doc.texi
> @@ -539,8 +539,8 @@ storage. > @item qcow2 > QEMU image format, the most versatile format. Use it to have smaller > images (useful if your filesystem does not supports holes, for example= > -on Windows), optional AES encryption, zlib based compression and > -support of multiple VM snapshots. > +on Windows), zlib based compression and support of multiple VM > +snapshots.

[Side note - Windows NTFS supports holes (so the claim that Windows doesn't support holes is false, although it is true for other typical Windows filesystems such as FAT). On the other hand, Windows hole support is so bad that it typically causes worse performance (at one point, Cygwin used NTFS holes wherever possible, but now defaults to no holes unless you explicitly modify mount options to request Cygwin to use them, because of the performance improvement). Doesn't affect this patch, though.]

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
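
Review bot: in the qemu-doc.texi hunk, the unchanged context line still reads "does not supports holes"; since the following lines are being rewrapped anyway, this is a convenient place to correct it to "does not support holes". Separately, removing "optional AES encryption" from the qcow2 feature summary leaves this item saying nothing about encryption, so a reader who already has an encrypted image gets no hint here that the feature is deprecated rather than absent. The diffstat shows further qemu-doc.texi changes that are not quoted in this reply; if none of them sits next to this item, consider adding a short sentence here stating that encryption is deprecated.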