aboutsummaryrefslogtreecommitdiff
path: root/block/qed.c
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2014-01-22 15:47:10 +0000
committerStefan Hajnoczi <stefanha@redhat.com>2014-01-31 22:05:03 +0100
commit136cd19d0522c03b6dccc3e344886feab6faee43 (patch)
treee18069cca7e4a0616a712478ed0c49059e16326a /block/qed.c
parent89e4a51ca9546a7bbe1998c4e3d4a3ac3a0c19be (diff)
Describe flaws in qcow/qcow2 encryption in the docs
The qemu-img.texi / qemu-doc.texi files currently describe the qcow2/qcow2 encryption thus "Encryption uses the AES format which is very secure (128 bit keys). Use a long password (16 characters) to get maximum protection." While AES is indeed a strong encryption system, the way that QCow/QCow2 use it results in a poor/weak encryption system. Due to the use of predictable IVs, based on the sector number extended to 128 bits, it is vulnerable to chosen plaintext attacks which can reveal the existence of encrypted data. The direct use of the user passphrase as the encryption key also leads to an inability to change the passphrase of an image. If passphrase is ever compromised the image data will all be vulnerable, since it cannot be re-encrypted. The admin has to clone the image files with a new passphrase and then use a program like shred to secure erase all the old files. Recommend against any use of QCow/QCow2 encryption, directing users to dm-crypt / LUKS which can meet modern cryptography best practices. [Changed "Qcow" to "qcow" for consistency. --Stefan] Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'block/qed.c')
0 files changed, 0 insertions, 0 deletions