On 01/22/2014 04:36 AM, Daniel P. Berrange wrote: > The qemu-img.texi / qemu-doc.texi files currently describe the > qcow2/qcow2 encryption thus > > "Encryption uses the AES format which is very secure (128 bit > keys). Use a long password (16 characters) to get maximum > protection." > > While AES is indeed a strong encryption system, the way that > QCow/QCow2 use it results in a poor/weak encryption system. > Due to the use of predictable IVs it is vulnerable to chosen > plaintext attacks which can reveal the existance of encrypted
s/existance/existence/ > data. > > The direct use of the user passphrase as the encryption key > also leads to an inability to change the passphrase of an > image. If passphrase is ever compromised the image data will > all be vulnerable, since it cannot be re-encrypted. The admin > has to clone the image files with a new passphrase and then > use a program like shred to secure erase all the old files. > > Recommend against any use of QCow/QCow2 encryption, directing > users to dm-crypt / LUKS which can meet modern cryptography > best practices. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > qemu-doc.texi | 23 ++++++++++++++++++++--- > qemu-img.texi | 23 ++++++++++++++++++++--- > 2 files changed, 40 insertions(+), 6 deletions(-) > > + > +The use of encryption in QCow and QCow2 images is considered to flawed by > modern > +cryptography standards, suffering from a number of design problems s/$/:/ > + > +@itemize @minus > +@item The AES-CBC cipher is used with predictable initialization vectors > based > +on the sector number. This makes it vulnerable to chosen plaintext attacks > +which can reveal the existence of encrypted data. > +@item The user passphrase is directly used as the encryption key. A poorly > +choosen / short passphrase will compromise the security of the encryption. s/choosen/chosen/ > +In the event of the passphrase being compromised there is no way to change Maybe s/^/@item / ? After all, the need to clone/shred after compromise is there whether the passphrase was poorly chosen or maximally chosen, it's just that poorly chosen is more likely to be easily compromised. > +++ b/qemu-img.texi > +@item The user passphrase is directly used as the encryption key. A poorly > +choosen / short passphrase will compromise the security of the encryption. Copy and paste the fixes above here, too. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
