[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v1 03/15] qcow: document another weakness of qco
|
From: |
Max Reitz |
|
Subject: |
Re: [Qemu-devel] [PATCH v1 03/15] qcow: document another weakness of qcow AES encryption |
|
Date: |
Mon, 16 Jan 2017 20:37:57 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 |
On 03.01.2017 19:27, Daniel P. Berrange wrote:
> Document that use of guest virtual sector numbers as the basis for
> the initialization vectors is a potential weakness, when combined
> with internal snapshots or multiple images using the same passphrase.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> qemu-img.texi | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/qemu-img.texi b/qemu-img.texi
> index 174aae3..8efcf89 100644
> --- a/qemu-img.texi
> +++ b/qemu-img.texi
> @@ -554,6 +554,15 @@ change the passphrase to protect data in any qcow
> images. The files must
> be cloned, using a different encryption passphrase in the new file. The
> original file must then be securely erased using a program like shred,
> though even this is ineffective with many modern storage technologies.
> address@hidden Initialization vectors used to encrypt sectors are based on the
> +guest virtual sector number, instead of the host physical sector. When
> +a disk image has multiple internal snapshots this means that data in
> +multiple physical sectors is encrypted with the same initialization
> +vector. With the CBC mode, this opens the possibility of watermarking
> +attacks if the attack can collect multiple sectors encrypted with the
> +same IV and some predictable data. Having multiple qcow2 images with
> +the same passphrase also exposes this weakness since the passphrase
> +is directly used as the key.
> @end itemize
In the output manpage, this itemize looks pretty broken to me:
@item foo
bar baz
is formatted as:
-<foo>
bar baz
Which may be used intentionally, but it certainly isn't here.
It should probably be written as:
@item
foo bar baz
which becomes
- foo bar baz
(which is what the other itemize in qemu-img.texi does)
Do you want to fix that in this series?
Max
>
> Use of qcow / qcow2 encryption is thus strongly discouraged. Users are
>
signature.asc
Description: OpenPGP digital signature
- [Qemu-devel] [PATCH v1 00/15] Convert QCow[2] to QCryptoBlock & add LUKS support, Daniel P. Berrange, 2017/01/03
- [Qemu-devel] [PATCH v1 01/15] block: expose crypto option names / defs to other drivers, Daniel P. Berrange, 2017/01/03
- [Qemu-devel] [PATCH v1 02/15] block: add ability to set a prefix for opt names, Daniel P. Berrange, 2017/01/03
- [Qemu-devel] [PATCH v1 03/15] qcow: document another weakness of qcow AES encryption, Daniel P. Berrange, 2017/01/03
- Re: [Qemu-devel] [PATCH v1 03/15] qcow: document another weakness of qcow AES encryption,
Max Reitz <=
- [Qemu-devel] [PATCH v1 04/15] qcow: require image size to be > 1 for new images, Daniel P. Berrange, 2017/01/03
- [Qemu-devel] [PATCH v1 05/15] iotests: skip 042 with qcow which dosn't support zero sized images, Daniel P. Berrange, 2017/01/03
- [Qemu-devel] [PATCH v1 06/15] iotests: skip 048 with qcow which doesn't support resize, Daniel P. Berrange, 2017/01/03
- [Qemu-devel] [PATCH v1 08/15] qcow: make encrypt_sectors encrypt in place, Daniel P. Berrange, 2017/01/03