git.proxmox.com Git - mirror_qemu.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Wed, 22 Jan 2014 15:47:10 +0000 (15:47 +0000)
committer	Stefan Hajnoczi <stefanha@redhat.com>
	Fri, 31 Jan 2014 21:05:03 +0000 (22:05 +0100)
commit	136cd19d0522c03b6dccc3e344886feab6faee43
tree	e18069cca7e4a0616a712478ed0c49059e16326a	tree
parent	89e4a51ca9546a7bbe1998c4e3d4a3ac3a0c19be	commit \| diff

Describe flaws in qcow/qcow2 encryption in the docs

The qemu-img.texi / qemu-doc.texi files currently describe the
qcow2/qcow2 encryption thus

  "Encryption uses the AES format which is very secure (128 bit
   keys). Use a long password (16 characters) to get maximum
   protection."

While AES is indeed a strong encryption system, the way that
QCow/QCow2 use it results in a poor/weak encryption system.
Due to the use of predictable IVs, based on the sector number
extended to 128 bits, it is vulnerable to chosen plaintext
attacks which can reveal the existence of encrypted data.

The direct use of the user passphrase as the encryption key
also leads to an inability to change the passphrase of an
image. If passphrase is ever compromised the image data will
all be vulnerable, since it cannot be re-encrypted. The admin
has to clone the image files with a new passphrase and then
use a program like shred to secure erase all the old files.

Recommend against any use of QCow/QCow2 encryption, directing
users to dm-crypt / LUKS which can meet modern cryptography
best practices.

[Changed "Qcow" to "qcow" for consistency.
--Stefan]

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-doc.texi		diff \| blob \| blame \| history
qemu-img.texi		diff \| blob \| blame \| history