[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] Describe flaws in qcow/qcow2 encryption in t
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH v2] Describe flaws in qcow/qcow2 encryption in the docs |
Date: |
Wed, 22 Jan 2014 08:24:00 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 |
On 01/22/2014 05:28 AM, Daniel P. Berrange wrote:
>
> Recommend against any use of QCow/QCow2 encryption, directing
> users to dm-crypt / LUKS which can meet modern cryptography
> best practices.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> qemu-doc.texi | 23 ++++++++++++++++++++---
> qemu-img.texi | 23 ++++++++++++++++++++---
> 2 files changed, 40 insertions(+), 6 deletions(-)
> +
> address@hidden @minus
> address@hidden The AES-CBC cipher is used with predictable initialization
> vectors based
> +on the sector number. This makes it vulnerable to chosen plaintext attacks
> +which can reveal the existence of encrypted data.
> address@hidden The user passphrase is directly used as the encryption key. A
> poorly
> +choosen or short passphrase will compromise the security of the encryption.
s/choosen/chosen/ (both files)
> +In the event of the passphrase being compromised there is no way to change
and still my question whether this deserves a third @item.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature