[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH v1 03/15] qcow: document another weakness of qco
|
From: |
Daniel P. Berrange |
|
Subject: |
Re: [Qemu-block] [PATCH v1 03/15] qcow: document another weakness of qcow AES encryption |
|
Date: |
Tue, 24 Jan 2017 12:11:46 +0000 |
|
User-agent: |
Mutt/1.7.1 (2016-10-04) |
On Mon, Jan 16, 2017 at 08:37:57PM +0100, Max Reitz wrote:
> On 03.01.2017 19:27, Daniel P. Berrange wrote:
> > Document that use of guest virtual sector numbers as the basis for
> > the initialization vectors is a potential weakness, when combined
> > with internal snapshots or multiple images using the same passphrase.
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> > qemu-img.texi | 9 +++++++++
> > 1 file changed, 9 insertions(+)
> >
> > diff --git a/qemu-img.texi b/qemu-img.texi
> > index 174aae3..8efcf89 100644
> > --- a/qemu-img.texi
> > +++ b/qemu-img.texi
> > @@ -554,6 +554,15 @@ change the passphrase to protect data in any qcow
> > images. The files must
> > be cloned, using a different encryption passphrase in the new file. The
> > original file must then be securely erased using a program like shred,
> > though even this is ineffective with many modern storage technologies.
> > address@hidden Initialization vectors used to encrypt sectors are based on
> > the
> > +guest virtual sector number, instead of the host physical sector. When
> > +a disk image has multiple internal snapshots this means that data in
> > +multiple physical sectors is encrypted with the same initialization
> > +vector. With the CBC mode, this opens the possibility of watermarking
> > +attacks if the attack can collect multiple sectors encrypted with the
> > +same IV and some predictable data. Having multiple qcow2 images with
> > +the same passphrase also exposes this weakness since the passphrase
> > +is directly used as the key.
> > @end itemize
>
> In the output manpage, this itemize looks pretty broken to me:
>
> @item foo
> bar baz
>
> is formatted as:
>
> -<foo>
> bar baz
>
> Which may be used intentionally, but it certainly isn't here.
>
> It should probably be written as:
>
> @item
> foo bar baz
>
> which becomes
>
> - foo bar baz
>
> (which is what the other itemize in qemu-img.texi does)
>
> Do you want to fix that in this series?
Yes, will do.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
- [Qemu-block] [PATCH v1 00/15] Convert QCow[2] to QCryptoBlock & add LUKS support, Daniel P. Berrange, 2017/01/03
- [Qemu-block] [PATCH v1 01/15] block: expose crypto option names / defs to other drivers, Daniel P. Berrange, 2017/01/03
- [Qemu-block] [PATCH v1 02/15] block: add ability to set a prefix for opt names, Daniel P. Berrange, 2017/01/03
- [Qemu-block] [PATCH v1 03/15] qcow: document another weakness of qcow AES encryption, Daniel P. Berrange, 2017/01/03
- [Qemu-block] [PATCH v1 04/15] qcow: require image size to be > 1 for new images, Daniel P. Berrange, 2017/01/03
- [Qemu-block] [PATCH v1 05/15] iotests: skip 042 with qcow which dosn't support zero sized images, Daniel P. Berrange, 2017/01/03
- [Qemu-block] [PATCH v1 06/15] iotests: skip 048 with qcow which doesn't support resize, Daniel P. Berrange, 2017/01/03
- [Qemu-block] [PATCH v1 08/15] qcow: make encrypt_sectors encrypt in place, Daniel P. Berrange, 2017/01/03