On Wed, Jan 22, 2014 at 03:47:10PM +0000, Daniel P. Berrange wrote: > The qemu-img.texi / qemu-doc.texi files currently describe the > qcow2/qcow2 encryption thus > > "Encryption uses the AES format which is very secure (128 bit > keys). Use a long password (16 characters) to get maximum > protection." > > While AES is indeed a strong encryption system, the way that > QCow/QCow2 use it results in a poor/weak encryption system. > Due to the use of predictable IVs, based on the sector number > extended to 128 bits, it is vulnerable to chosen plaintext > attacks which can reveal the existence of encrypted data. > > The direct use of the user passphrase as the encryption key > also leads to an inability to change the passphrase of an > image. If passphrase is ever compromised the image data will > all be vulnerable, since it cannot be re-encrypted. The admin > has to clone the image files with a new passphrase and then > use a program like shred to secure erase all the old files. > > Recommend against any use of QCow/QCow2 encryption, directing > users to dm-crypt / LUKS which can meet modern cryptography > best practices. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > Reviewed-by: Markus Armbruster <arm...@redhat.com> > --- > qemu-doc.texi | 23 ++++++++++++++++++++--- > qemu-img.texi | 23 ++++++++++++++++++++--- > 2 files changed, 40 insertions(+), 6 deletions(-) > > Changed in v3: > > - Addressed feedback/typos from Eric & Markus > > In v2: > > - Addressed typos reported by Peter > > Still welcome info about any other flaws qcow2 has in this > area that should be documented.
Changed "Qcow" to "qcow" for consistency. Thanks, applied to my block tree: https://github.com/stefanha/qemu/commits/block Stefan
