On 03/13/2015 02:09 PM, Markus Armbruster wrote:
> We've steered users away from QCOW/QCOW2 encryption for a while,
> because it's a flawed design (commit 136cd19 Describe flaws in
> qcow/qcow2 encryption in the docs).
>
> In addition to flawed crypto, we have comically bad usability, and
> plain old bugs. Let me show you.
>
> This stuff is worse than useless, it's a trap for users. > > If people become sufficiently interested in encrypted images to > contribute a cryptographically sane implementation for QCOW2 (or > whatever other format), then rewriting the necessary support around it > from scratch will likely be easier and yield better results than > fixing up the existing mess. > > Let's deprecate the mess now, drop it after a grace period, and move > on. > > Signed-off-by: Markus Armbruster <arm...@redhat.com> > --- > block.c | 7 +++++++ > qemu-doc.texi | 11 ++++++----- > tests/qemu-iotests/049.out | 6 ++++++ > tests/qemu-iotests/087.out | 18 ++++++++++++++++++ > 4 files changed, 37 insertions(+), 5 deletions(-) Worth having in 2.3. Reviewed-by: Eric Blake <ebl...@redhat.com> > +++ b/qemu-doc.texi > @@ -539,8 +539,8 @@ storage. > @item qcow2 > QEMU image format, the most versatile format. Use it to have smaller > images (useful if your filesystem does not supports holes, for example > -on Windows), optional AES encryption, zlib based compression and > -support of multiple VM snapshots. > +on Windows), zlib based compression and support of multiple VM > +snapshots. [Side note - Windows NTFS supports holes (so the claim that Windows doesn't support holes is false, although it is true for other typical Windows filesystems such as FAT). On the other hand, Windows hole support is so bad that it typically causes worse performance (at one point, Cygwin used NTFS holes wherever possible, but now defaults to no holes unless you explicitly modify mount options to request Cygwin to use them, because of the performance improvement). Doesn't affect this patch, though.] -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
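Review bot: In the qemu-doc.texi hunk at the `@item qcow2` description, removing "optional AES encryption" outright leaves readers who already have encrypted images with no hint in this paragraph that the feature still exists for a grace period but is deprecated. The commit message says the plan is to deprecate now and drop later, so consider keeping a short mention here that marks the encryption as deprecated and not recommended, unless a part of the qemu-doc.texi change not shown in this quote already covers it. While this paragraph is being touched, the context line "does not supports holes" could also be corrected to "does not support holes".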