On 03.01.2017 19:27, Daniel P. Berrange wrote: > Document that use of guest virtual sector numbers as the basis for > the initialization vectors is a potential weakness, when combined > with internal snapshots or multiple images using the same passphrase. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > qemu-img.texi | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/qemu-img.texi b/qemu-img.texi > index 174aae3..8efcf89 100644 > --- a/qemu-img.texi > +++ b/qemu-img.texi > @@ -554,6 +554,15 @@ change the passphrase to protect data in any qcow > images. The files must > be cloned, using a different encryption passphrase in the new file. The > original file must then be securely erased using a program like shred, > though even this is ineffective with many modern storage technologies. > +@item Initialization vectors used to encrypt sectors are based on the > +guest virtual sector number, instead of the host physical sector. When > +a disk image has multiple internal snapshots this means that data in > +multiple physical sectors is encrypted with the same initialization > +vector. With the CBC mode, this opens the possibility of watermarking > +attacks if the attack can collect multiple sectors encrypted with the > +same IV and some predictable data. Having multiple qcow2 images with > +the same passphrase also exposes this weakness since the passphrase > +is directly used as the key. > @end itemize
In the output manpage, this itemize looks pretty broken to me:
@item foo
bar baz
is formatted as:
-<foo>
bar baz
Which may be used intentionally, but it certainly isn't here.
It should probably be written as:
@item
foo bar baz
which becomes
- foo bar baz
(which is what the other itemize in qemu-img.texi does)
Do you want to fix that in this series?
Max
>
> Use of qcow / qcow2 encryption is thus strongly discouraged. Users are
>
signature.asc
Description: OpenPGP digital signature
