Stefan Hajnoczi <stefanha@xxxxxxxxx> writes:
> On Mon, Feb 16, 2015 at 06:19:04PM +0100, Henry Noack wrote:
>> it is possible to decrypt a kvm volume only by using the command line after
>> starting it?
>
> Encryption can be done at 3 levels:
[...]
> 2. In QEMU with qcow2, although this feature is not widely used and not
> up to modern disk encryption standards.
Quoting the fine manual:
The use of encryption in qcow and qcow2 images is considered
to be flawed by modern cryptography standards, suffering from
a number of design problems:
− The AES-CBC cipher is used with predictable
initialization vectors based on the sector number. This
makes it vulnerable to chosen plaintext attacks which can
reveal the existence of encrypted data.
− The user passphrase is directly used as the encryption
key. A poorly chosen or short passphrase will compromise
the security of the encryption.
− In the event of the passphrase being compromised there is
no way to change the passphrase to protect data in any
qcow images. The files must be cloned, using a different
encryption passphrase in the new file. The original file
must then be securely erased using a program like shred,
though even this is ineffective with many modern storage
technologies.
Use of qcow / qcow2 encryption is thus strongly discouraged.
Users are recommended to use an alternative encryption
technology such as the Linux dm-crypt / LUKS system.
[...]
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
