On Tue, Jul 23, 2013 at 05:22:47PM +0200, Stefan Hajnoczi wrote:
> On Tue, Jul 23, 2013 at 04:40:34PM +0200, Benoît Canet wrote:
> > > More generally, QCow2's current encryption support is woefully inadequate
> > > from a design POV. If we wanted better encryption built-in to QEMU it is
> > > best to just deprecate the current encryption support and define a new
> > > qcow2 extension based around something like the LUKS data format. Using
> > > the LUKS data format precisely would be good from a data portability
> > > POV, since then you can easily switch your images between LUKS encrypted
> > > block device & qcow2-with-luks image file, without needing to re-encrypt
> > > the data.
> >
> > I read the LUKS specification and understood enough of it to understand the
> > potential benefits (stronger encryption key, multiple user keys,
> > possibility to change user keys).
> >
> > Kevin & Stefan: What do you think about implementing LUKS in QCOW2 ?
>
> Using standard or proven approaches in crypto is a good thing. I haven't
> looked at qcow2 encryption in the past because fairly few people
> actually use it.
>
> One use case I have heard about is qcow2 files over NFS. The network
> and the storage system should not see guest data. Only the host and the
> VM should see the data.
Yep, that is the core use case. You are securing the system such that only
the VM host administrator/processes can compromise the data. It is
protected against malicious storage and/or network administrators.

> A big win with LUKS is that you can change the passphrase without
> re-encrypting the data.

Other benefits of LUKS are

 - Strong encryption key, even if the passphrase itself is weak
 - Support for multiple passphrases
 - Support for arbitrary different encryption algorithms / settings
 - Ability to detect whether the passphrase is correct or not rather
   than just decrypting to produce garbage

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
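As an added illustration of the four benefits listed in the reply above (example code written for this page, not code from the thread, from QEMU or from cryptsetup): a LUKS1-style key-slot header in Go. A random master key encrypts the data; each slot holds that master key wrapped under a key derived from one passphrase with PBKDF2; the header stores only a PBKDF2 digest of the master key, so a candidate key recovered from a slot can be checked before it is used. The names (Header, Format, AddKey, RemoveKey, Open, cryptSector), the field layout, the 20000 iteration count and the choice of SHA-256 for PBKDF2 and ESSIV are this example's own assumptions; LUKS1 in 2013 defaulted to SHA-1, and the real on-disk format also splits the wrapped key material with an anti-forensic stripe function that this example omits.

```go
// Added example, not QEMU or cryptsetup code: a LUKS1-style key-slot header.
// Names, layout and the reduced iteration count are this example's own.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

const keyLen, saltLen, iters = 32, 32, 20000 // AES-256; real cryptsetup benchmarks the iteration count per host
// pbkdf2 is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte output block, written out to stay on the standard library.
func pbkdf2(pass, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, pass)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1; one block covers keyLen
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// cryptSector is aes-cbc-essiv:sha256 over a block-aligned sector, IV = AES_{SHA-256(key)}(sector number) as in dm-crypt.
func cryptSector(key []byte, sector uint64, in []byte, encrypt bool) []byte {
	blk, _ := aes.NewCipher(key) // key length is fixed by keyLen
	h := sha256.Sum256(key)
	ivBlk, _ := aes.NewCipher(h[:])
	var num, iv [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(num[:], sector)
	ivBlk.Encrypt(iv[:], num[:])
	mode := cipher.NewCBCDecrypter
	if encrypt {
		mode = cipher.NewCBCEncrypter
	}
	out := make([]byte, len(in))
	mode(blk, iv[:]).CryptBlocks(out, in)
	return out
}

type slot struct{ salt, wrapped []byte } // wrapped = master key under PBKDF2(passphrase, salt); nil = free slot
// Header is what LUKS keeps on disk: a digest of the master key (never the key itself) plus the key slots.
type Header struct {
	digestSalt, digest []byte
	slots              [8]slot
}

func random(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand treats a failure here as fatal, not as a recoverable error
	return b
}

// Format draws a random master key, so its strength never depends on the passphrase, and wraps it in slot 0.
func Format(passphrase string) (*Header, []byte) {
	master := random(keyLen)
	h := &Header{digestSalt: random(saltLen)}
	h.digest = pbkdf2(master, h.digestSalt, iters)
	h.AddKey(master, passphrase)
	return h, master
}

// AddKey wraps the master key under another passphrase in a free slot; only the header changes, the data is not rewritten.
func (h *Header) AddKey(master []byte, passphrase string) (int, error) {
	for i := range h.slots {
		if h.slots[i].wrapped == nil {
			salt := random(saltLen)
			h.slots[i] = slot{salt, cryptSector(pbkdf2([]byte(passphrase), salt, iters), 0, master, true)}
			return i, nil
		}
	}
	return -1, errors.New("all key slots in use")
}

func (h *Header) RemoveKey(i int) { h.slots[i] = slot{} } // frees the slot: that passphrase is dead, data untouched
// Open returns the master key only if the unwrapped candidate matches the digest, so a wrong passphrase is an error, not garbage.
func (h *Header) Open(passphrase string) ([]byte, int, error) {
	for i, s := range h.slots {
		if s.wrapped == nil {
			continue
		}
		cand := cryptSector(pbkdf2([]byte(passphrase), s.salt, iters), 0, s.wrapped, false)
		if hmac.Equal(pbkdf2(cand, h.digestSalt, iters), h.digest) {
			return cand, i, nil
		}
	}
	return nil, -1, errors.New("no key slot matches this passphrase")
}
```

Usage: Format once, write sectors with cryptSector(master, n, plaintext, true), then AddKey a second passphrase and RemoveKey the first. The ciphertext stays valid because the master key never changed, which is exactly why a passphrase change needs no re-encryption. Open rejects a wrong passphrase only because the digest check fails; without that digest, the garbage candidate key would decrypt every sector to noise without complaint. Each rejected guess costs one PBKDF2 run per active slot, which is what lets a weak passphrase survive offline guessing: cryptsetup picks the iteration count so that one attempt takes about a second on the host that formatted the device.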