[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] Describe flaws in qcow/qcow2 encryption in t
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-devel] [PATCH v2] Describe flaws in qcow/qcow2 encryption in the docs |
|
Date: |
Wed, 22 Jan 2014 16:32:11 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux) |
"Daniel P. Berrange" <address@hidden> writes:
> The qemu-img.texi / qemu-doc.texi files currently describe the
> qcow2/qcow2 encryption thus
>
> "Encryption uses the AES format which is very secure (128 bit
> keys). Use a long password (16 characters) to get maximum
> protection."
>
> While AES is indeed a strong encryption system, the way that
> QCow/QCow2 use it results in a poor/weak encryption system.
> Due to the use of predictable IVs
Sector number zero-extended to 128 bits.
> it is vulnerable to chosen
> plaintext attacks which can reveal the existance of encrypted
> data.
>
> The direct use of the user passphrase as the encryption key
> also leads to an inability to change the passphrase of an
> image. If passphrase is ever compromised the image data will
> all be vulnerable, since it cannot be re-encrypted. The admin
> has to clone the image files with a new passphrase and then
> use a program like shred to secure erase all the old files.
>
> Recommend against any use of QCow/QCow2 encryption, directing
> users to dm-crypt / LUKS which can meet modern cryptography
> best practices.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
Amateur crypto.
Reviewed-by: Markus Armbruster <address@hidden>