Goodday, OpenStack DВaaS community.
I'd like to start conversation about guestagent security issue related to backup/restore process. Trove guestagent service uses AES with 256 bit key (in CBC mode)  to encrypt backups which are stored at predefined Swift container. As you can see, password is defined in config file . And here comes problem, this password is used for all tenants/projects that use Trove - it is a security issue. I would like to suggest Key derivation function  based on static attributes specific for each tenant/project (tenant_id). KDF would be based upon python implementation of PBKDF2 . Implementation can be seen here . Also i'm looking forward to give user an ability to pass password for KDF that would deliver key for backup/restore encryption/decryption, if ingress password (from user) will be empty, guest will use static attributes of tenant (tenant_id). To allow backward compatibility, python-troveclient should be able to pass old password  to guestagent as one of parameters on restore call. Blueprint already have been registered in Trove launchpad space, . I also foresee porting this feature to oslo-crypt, as part of security framework (oslo.crypto) extensions. Thoughts ?  https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/base.py#L113-L116  https://github.com/openstack/trove/blob/master/etc/trove/trove-guestagent.conf.sample#L69  http://en.wikipedia.org/wiki/Key_derivation_function  http://en.wikipedia.org/wiki/PBKDF2  https://gist.github.com/denismakogon/8823279  https://blueprints.launchpad.net/trove/+spec/backup-encryption Best regards, Denis Makogon Mirantis, Inc. Kharkov, Ukraine www.mirantis.com www.mirantis.ru dmako...@mirantis.com
_______________________________________________ OpenStack-dev mailing list OpenStackemail@example.com http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev