> More generally, QCow2's current encryption support is woefully inadequate
> from a design POV. If we wanted better encryption built-in to QEMU it is
> best to just deprecate the current encryption support and define a new
> qcow2 extension based around something like the LUKS data format. Using
> the LUKS data format precisely would be good from a data portability
> POV, since then you can easily switch your images between LUKS encrypted
> block device & qcow2-with-luks image file, without needing to re-encrypt
> the data.

I read the LUKS specification and understood enough of it to understand the potential benefits (stronger encryption key, multiple user keys, possibility to change user keys).

Kevin & Stefan: What do you think about implementing LUKS in QCOW2?

Best regards

Benoît