On 03.01.2017 19:27, Daniel P. Berrange wrote: > Document that use of guest virtual sector numbers as the basis for > the initialization vectors is a potential weakness, when combined > with internal snapshots or multiple images using the same passphrase. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > qemu-img.texi | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/qemu-img.texi b/qemu-img.texi > index 174aae3..8efcf89 100644 > --- a/qemu-img.texi > +++ b/qemu-img.texi > @@ -554,6 +554,15 @@ change the passphrase to protect data in any qcow > images. The files must > be cloned, using a different encryption passphrase in the new file. The > original file must then be securely erased using a program like shred, > though even this is ineffective with many modern storage technologies. > +@item Initialization vectors used to encrypt sectors are based on the > +guest virtual sector number, instead of the host physical sector. When > +a disk image has multiple internal snapshots this means that data in > +multiple physical sectors is encrypted with the same initialization > +vector. With the CBC mode, this opens the possibility of watermarking > +attacks if the attack can collect multiple sectors encrypted with the > +same IV and some predictable data. Having multiple qcow2 images with > +the same passphrase also exposes this weakness since the passphrase > +is directly used as the key. > @end itemize
In the output manpage, this itemize looks pretty broken to me: @item foo bar baz is formatted as: -<foo> bar baz Which may be used intentionally, but it certainly isn't here. It should probably be written as: @item foo bar baz which becomes - foo bar baz (which is what the other itemize in qemu-img.texi does) Do you want to fix that in this series? Max > > Use of qcow / qcow2 encryption is thus strongly discouraged. Users are >
signature.asc
Description: OpenPGP digital signature