Good day, OpenStack DBaaS community.

    I'd like to start a conversation about a guestagent security issue
related to the backup/restore process. The Trove guestagent service uses AES
with a 256-bit key (in CBC mode) [1] to encrypt backups, which are stored in
a predefined Swift container.

    As you can see, the password is defined in the config file [2]. And here
comes the problem: this password is used for all tenants/projects that use
Trove, which is a security issue. I would like to suggest a key derivation
function [3] based on static attributes specific to each tenant/project
(tenant_id). The KDF would be based upon the Python implementation of
PBKDF2 [4]. The implementation can be seen here [5].

    Also, I'm looking forward to giving the user the ability to pass a
password for the KDF that would deliver the key for backup/restore
encryption/decryption; if the ingress password (from the user) is empty, the
guest will use static attributes of the tenant (tenant_id).

To allow backward compatibility, python-troveclient should be able to pass
the old password [1] to the guestagent as one of the parameters on the
restore call.

A blueprint has already been registered in the Trove Launchpad space [6].

I also foresee porting this feature to oslo-crypt, as part of the security
framework (oslo.crypto) extensions.

Thoughts?

Best regards,

Denis Makogon

Mirantis, Inc.

Kharkov, Ukraine
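
An added example, not part of the original message and not the implementation referenced as [5]: a sketch of the per-tenant key derivation described above, using PBKDF2 from Python's standard `hashlib`. The salt layout, the iteration count and the `restore_secret` helper are assumptions made for illustration.

```python
import hashlib
import hmac

KEY_LEN = 32          # AES-256 key size in bytes
ITERATIONS = 200_000  # assumed work factor; tune for the guest's CPU budget


def derive_backup_key(tenant_id, user_password=None, iterations=ITERATIONS):
    """Derive a per-tenant 256-bit key with PBKDF2-HMAC-SHA256.

    The user's password is the secret input when one is supplied; an empty
    or missing password falls back to tenant_id, as the message describes.
    tenant_id also forms the salt (an assumption of this sketch), so equal
    passwords in different tenants still give different keys. It is not a
    secret: the fallback separates tenants but gives no confidentiality
    against anyone who knows the id.
    """
    if not tenant_id:
        raise ValueError("tenant_id is required")
    secret = user_password if user_password else tenant_id
    return hashlib.pbkdf2_hmac(
        "sha256",
        secret.encode("utf-8"),
        b"trove-backup:" + tenant_id.encode("utf-8"),  # assumed salt layout
        iterations,
        dklen=KEY_LEN,
    )


def restore_secret(tenant_id, user_password=None, legacy_password=None):
    """Pick the secret for a restore call (hypothetical helper).

    Backups written before the change were encrypted with the shared
    config-file password, so a caller-supplied legacy password is handed
    back unchanged for the old decryption path; otherwise derive the key.
    """
    if legacy_password:
        return "legacy", legacy_password.encode("utf-8")
    return "derived", derive_backup_key(tenant_id, user_password)


if __name__ == "__main__":
    # Constructed tenant ids and passwords, for illustration only.
    a = derive_backup_key("tenant-a-0001")
    b = derive_backup_key("tenant-b-0002")
    print("tenant keys differ:", not hmac.compare_digest(a, b))
    changed = derive_backup_key("tenant-a-0001", "s3cret")
    print("password changes key:", not hmac.compare_digest(a, changed))
    print(restore_secret("tenant-a-0001", legacy_password="old-shared")[0])
```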
