On 01/22/2014 05:28 AM, Daniel P. Berrange wrote: > > Recommend against any use of QCow/QCow2 encryption, directing > users to dm-crypt / LUKS which can meet modern cryptography > best practices. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > qemu-doc.texi | 23 ++++++++++++++++++++--- > qemu-img.texi | 23 ++++++++++++++++++++--- > 2 files changed, 40 insertions(+), 6 deletions(-)
> + > +@itemize @minus > +@item The AES-CBC cipher is used with predictable initialization vectors > based > +on the sector number. This makes it vulnerable to chosen plaintext attacks > +which can reveal the existence of encrypted data. > +@item The user passphrase is directly used as the encryption key. A poorly > +choosen or short passphrase will compromise the security of the encryption. s/choosen/chosen/ (both files) > +In the event of the passphrase being compromised there is no way to change and still my question whether this deserves a third @item. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
