On Mon, Jan 16, 2017 at 08:37:57PM +0100, Max Reitz wrote:
> On 03.01.2017 19:27, Daniel P. Berrange wrote:
> > Document that use of guest virtual sector numbers as the basis for
> > the initialization vectors is a potential weakness, when combined
> > with internal snapshots or multiple images using the same passphrase.
> > 
> > Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> > ---
> > qemu-img.texi | 9 +++++++++
> > 1 file changed, 9 insertions(+)
> > 
> > diff --git a/qemu-img.texi b/qemu-img.texi
> > index 174aae3..8efcf89 100644
> > --- a/qemu-img.texi
> > +++ b/qemu-img.texi
> > @@ -554,6 +554,15 @@ change the passphrase to protect data in any qcow
> > images. The files must
> > be cloned, using a different encryption passphrase in the new file. The
> > original file must then be securely erased using a program like shred,
> > though even this is ineffective with many modern storage technologies.
> > +@item Initialization vectors used to encrypt sectors are based on the
> > +guest virtual sector number, instead of the host physical sector. When
> > +a disk image has multiple internal snapshots this means that data in
> > +multiple physical sectors is encrypted with the same initialization
> > +vector. With the CBC mode, this opens the possibility of watermarking
> > +attacks if the attack can collect multiple sectors encrypted with the
> > +same IV and some predictable data. Having multiple qcow2 images with
> > +the same passphrase also exposes this weakness since the passphrase
> > +is directly used as the key.
> > @end itemize
> 
> In the output manpage, this itemize looks pretty broken to me:
> 
> @item foo
> bar baz
> 
> is formatted as:
> 
> -<foo>
> bar baz
> 
> Which may be used intentionally, but it certainly isn't here.
> 
> It should probably be written as:
> 
> @item
> foo bar baz
> 
> which becomes
> 
> - foo bar baz
> 
> (which is what the other itemize in qemu-img.texi does)
> 
> Do you want to fix that in this series?
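Review bot: the added @item text has a typo in "attacks if the attack can collect multiple sectors encrypted with the"; it should read "if the attacker can collect". While touching that paragraph, "instead of the host physical sector" would read better as "instead of the host physical sector number" so both halves of the comparison are parallel, and "With the CBC mode" should be "With CBC mode". The cross-image sentence could also spell out the consequence it implies: because the passphrase is used directly as the key, two images with the same passphrase share the key as well as the per-virtual-sector IVs, so identical plaintext at the same guest sector yields identical ciphertext across images, which is the same weakness as the snapshot case rather than a separate one.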
Yes, will do.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
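To make the weakness the patch documents concrete, here is an added Go example; it is not QEMU code and not part of this thread. It encrypts two versions of one 512-byte guest sector with AES-CBC under the conditions the patch text describes: the passphrase used directly as the key and an IV derived only from the guest virtual sector number. It then counts how many leading ciphertext blocks two encryptions share. With the same key and IV, CBC makes that count equal to the number of leading plaintext blocks that are identical, so anyone holding two internal snapshots (or two images created with the same passphrase) learns where the data differs without knowing the key. The IV encoding, the zero-padding of the passphrase to 16 bytes, the constructed sector contents and the SHA-256-based salted key used to illustrate per-image keying are all assumptions of this example, not QEMU's on-disk format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512 // one guest sector = 32 AES blocks

// LegacyKey mirrors the keying the patch text describes: the passphrase is
// used directly as the AES-128 key. Zero-padding/truncating it to 16 bytes
// is an assumption made for this demo.
func LegacyKey(passphrase string) []byte {
	key := make([]byte, 16)
	copy(key, passphrase)
	return key
}

// SaltedKey is an illustrative mitigation, not QEMU code: a per-image salt is
// mixed in so two images sharing a passphrase get distinct keys. SHA-256
// stands in for a proper slow KDF (PBKDF2, scrypt, Argon2) here.
func SaltedKey(passphrase string, salt []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), passphrase...))
	return h[:16]
}

// SectorIV derives the CBC IV from a sector number. The encoding (little-endian
// u64 in the first 8 bytes, rest zero) is an assumption; what matters is that
// the IV is a pure function of that number and nothing else.
func SectorIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	return iv
}

// EncryptSector encrypts one sector with AES-CBC. A sector is a whole number
// of AES blocks, so no padding is involved.
func EncryptSector(key, iv, plain []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return out
}

// SharedPrefixBlocks encrypts two sector versions under the given keys/IVs and
// counts the leading 16-byte ciphertext blocks they have in common. With the
// same key and IV, CBC makes this equal to the number of leading plaintext
// blocks that are identical: exactly what an observer should not learn.
func SharedPrefixBlocks(keyA, ivA, keyB, ivB, a, b []byte) int {
	ca, cb := EncryptSector(keyA, ivA, a), EncryptSector(keyB, ivB, b)
	n := 0
	for i := 0; i+aes.BlockSize <= len(ca); i += aes.BlockSize {
		if !bytes.Equal(ca[i:i+aes.BlockSize], cb[i:i+aes.BlockSize]) {
			break
		}
		n++
	}
	return n
}

// SampleSector returns a constructed guest sector and a second version in
// which only block 4 (bytes 64..79) was overwritten, as two internal
// snapshots of the same guest sector would hold.
func SampleSector() (before, after []byte) {
	before = bytes.Repeat([]byte("guest-data-block"), sectorSize/aes.BlockSize)
	after = append([]byte{}, before...)
	copy(after[64:80], "modified-record!")
	return before, after
}

func main() {
	pass := "secret"
	before, after := SampleSector()
	virt := SectorIV(42)                           // IV from the guest virtual sector
	physA, physB := SectorIV(1000), SectorIV(2000) // IVs from the host sectors the copies occupy

	// Two snapshots, IV from the virtual sector: blocks 0..3 match, so the
	// observer learns the write changed block 4 and nothing before it.
	fmt.Println("snapshots, virtual-sector IV:", SharedPrefixBlocks(LegacyKey(pass), virt, LegacyKey(pass), virt, before, after))
	// Same data and key, IV from the host sector each copy lives in: nothing matches.
	fmt.Println("snapshots, physical-sector IV:", SharedPrefixBlocks(LegacyKey(pass), physA, LegacyKey(pass), physB, before, after))
	// Two images with one passphrase, same content: the whole sector matches.
	fmt.Println("two images, passphrase as key:", SharedPrefixBlocks(LegacyKey(pass), virt, LegacyKey(pass), virt, before, before))
	// Per-image salt gives distinct keys: nothing matches.
	a, b := SaltedKey(pass, []byte("image-A-salt")), SaltedKey(pass, []byte("image-B-salt"))
	fmt.Println("two images, salted keys:", SharedPrefixBlocks(a, virt, b, virt, before, before))
}
```

Running it prints 4, 0, 32 and 0 for the four scenarios. The first two lines are the snapshot case from the patch text: the only thing that changes between them is whether the IV comes from the guest virtual sector or from the distinct host sectors, and that alone decides whether the unchanged prefix of the sector is visible. The last two lines are the cross-image case: with the passphrase used directly as the key, identical content in two images is identical on disk, and a per-image salt in the key derivation removes that.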