Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption
Date:	Fri, 13 Mar 2015 14:22:57 -0600
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 03/13/2015 02:09 PM, Markus Armbruster wrote:
> We've steered users away from QCOW/QCOW2 encryption for a while,
> because it's a flawed design (commit 136cd19 Describe flaws in
> qcow/qcow2 encryption in the docs).
> 
> In addition to flawed crypto, we have comically bad usability, and
> plain old bugs.  Let me show you.
> 

> This stuff is worse than useless, it's a trap for users.
> 
> If people become sufficiently interested in encrypted images to
> contribute a cryptographically sane implementation for QCOW2 (or
> whatever other format), then rewriting the necessary support around it
> from scratch will likely be easier and yield better results than
> fixing up the existing mess.
> 
> Let's deprecate the mess now, drop it after a grace period, and move
> on.
> 
> Signed-off-by: Markus Armbruster <address@hidden>
> ---
>  block.c                    |  7 +++++++
>  qemu-doc.texi              | 11 ++++++-----
>  tests/qemu-iotests/049.out |  6 ++++++
>  tests/qemu-iotests/087.out | 18 ++++++++++++++++++
>  4 files changed, 37 insertions(+), 5 deletions(-)

Worth having in 2.3.

Reviewed-by: Eric Blake <address@hidden>

> +++ b/qemu-doc.texi
> @@ -539,8 +539,8 @@ storage.
>  @item qcow2
>  QEMU image format, the most versatile format. Use it to have smaller
>  images (useful if your filesystem does not supports holes, for example
> -on Windows), optional AES encryption, zlib based compression and
> -support of multiple VM snapshots.
> +on Windows), zlib based compression and support of multiple VM
> +snapshots.

[Side note - Windows NTFS supports holes (so the claim that Windows
doesn't support holes is false, although it is true for other typical
Windows filesystems such as FAT).  On the other hand, Windows hole
support is so bad that it typically causes worse performance (at one
point, Cygwin used NTFS holes wherever possible, but now defaults to no
holes unless you explicitly modify mount options to request Cygwin to
use them, because of the performance improvement).  Doesn't affect this
patch, though.]


-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption, Markus Armbruster, 2015/03/13
- Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption, Markus Armbruster, 2015/03/13
- Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption, Eric Blake <=
- Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption, Daniel P. Berrange, 2015/03/16
- Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption, Kevin Wolf, 2015/03/16

Prev by Date: [Qemu-devel] [PULL 3/6] tcg: Change translator-side labels to a pointer
Next by Date: Re: [Qemu-devel] [PATCH 0/6] TriCore: add RRR1, RRRR, RRRW, SYS instructions
Previous by thread: Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption
Next by thread: Re: [Qemu-devel] [PATCH] block: Deprecate QCOW/QCOW2 encryption
Index(es):
- Date
- Thread