Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the docs
Date:	Wed, 22 Jan 2014 06:21:24 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

On 01/22/2014 04:36 AM, Daniel P. Berrange wrote:
> The qemu-img.texi / qemu-doc.texi files currently describe the
> qcow2/qcow2 encryption thus
> 
>   "Encryption uses the AES format which is very secure (128 bit
>    keys). Use a long password (16 characters) to get maximum
>    protection."
> 
> While AES is indeed a strong encryption system, the way that
> QCow/QCow2 use it results in a poor/weak encryption system.
> Due to the use of predictable IVs it is vulnerable to chosen
> plaintext attacks which can reveal the existance of encrypted

s/existance/existence/

> data.
> 
> The direct use of the user passphrase as the encryption key
> also leads to an inability to change the passphrase of an
> image. If passphrase is ever compromised the image data will
> all be vulnerable, since it cannot be re-encrypted. The admin
> has to clone the image files with a new passphrase and then
> use a program like shred to secure erase all the old files.
> 
> Recommend against any use of QCow/QCow2 encryption, directing
> users to dm-crypt / LUKS which can meet modern cryptography
> best practices.
> 
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
>  qemu-doc.texi | 23 ++++++++++++++++++++---
>  qemu-img.texi | 23 ++++++++++++++++++++---
>  2 files changed, 40 insertions(+), 6 deletions(-)
> 

> +
> +The use of encryption in QCow and QCow2 images is considered to flawed by 
> modern
> +cryptography standards, suffering from a number of design problems

s/$/:/

> +
> address@hidden @minus
> address@hidden The AES-CBC cipher is used with predictable initialization 
> vectors based
> +on the sector number. This makes it vulnerable to chosen plaintext attacks
> +which can reveal the existence of encrypted data.
> address@hidden The user passphrase is directly used as the encryption key. A 
> poorly
> +choosen / short passphrase will compromise the security of the encryption.

s/choosen/chosen/

> +In the event of the passphrase being compromised there is no way to change

Maybe s/^/@item / ?  After all, the need to clone/shred after compromise
is there whether the passphrase was poorly chosen or maximally chosen,
it's just that poorly chosen is more likely to be easily compromised.

> +++ b/qemu-img.texi

> address@hidden The user passphrase is directly used as the encryption key. A 
> poorly
> +choosen / short passphrase will compromise the security of the encryption.

Copy and paste the fixes above here, too.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the docs, Daniel P. Berrange, 2014/01/22
- Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the docs, Eric Blake <=
- Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the docs, Peter Maydell, 2014/01/22
  - Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the docs, Daniel P. Berrange, 2014/01/22

Prev by Date: Re: [Qemu-devel] [v19 03/25] improve some functions in qemu-option.c
Next by Date: Re: [Qemu-devel] [v19 12/25] qed.c: replace QEMUOptionParameter with QemuOpts
Previous by thread: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the docs
Next by thread: Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the docs
Index(es):
- Date
- Thread