[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH] Describe flaws in qcow/qcow2 encryption in the docs |
Date: |
Wed, 22 Jan 2014 11:49:21 +0000 |
On 22 January 2014 11:36, Daniel P. Berrange <address@hidden> wrote:
> Recommend against any use of QCow/QCow2 encryption, directing
> users to dm-crypt / LUKS which can meet modern cryptography
> best practices.
Couple of minor typo nits I spotted:
> diff --git a/qemu-doc.texi b/qemu-doc.texi
> index 4e9c6e9..c9da6ad 100644
> --- a/qemu-doc.texi
> +++ b/qemu-doc.texi
> @@ -547,10 +547,27 @@ File name of a base image (see @option{create}
> subcommand)
> @item backing_fmt
> Image format of the base image
> @item encryption
> -If this option is set to @code{on}, the image is encrypted.
> +If this option is set to @code{on}, the image is encrypted with 128-bit
> AES-CBC.
> +
> +The use of encryption in QCow and QCow2 images is considered to flawed by
> modern
"to be"
> +cryptography standards, suffering from a number of design problems
Missing ".".
> +
> address@hidden @minus
> address@hidden The AES-CBC cipher is used with predictable initialization
> vectors based
> +on the sector number. This makes it vulnerable to chosen plaintext attacks
> +which can reveal the existence of encrypted data.
> address@hidden The user passphrase is directly used as the encryption key. A
> poorly
> +choosen / short passphrase will compromise the security of the encryption.
"chosen or short".
> +In the event of the passphrase being compromised there is no way to change
> +the passphrase to protect data in any QCow images. The files must be cloned,
> +using a different encryption passphrase in the new file. The original file
> +must then be securely erased using a program like shred, though even this
> +is ineffective with many modern storage technologies.
> address@hidden itemize
>
> -Encryption uses the AES format which is very secure (128 bit keys). Use
> -a long password (16 characters) to get maximum protection.
> +Use of QCow / QCow2 encryption is thus strongly discouraged. Users are
> +recommended to use an alternative encryption technology such as the
> +Linux dm-crypt / LUKS system.
(same typos also in the texi version).
thanks
-- PMM