[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

How Useful is In-Guest Encryption?


#21

Is this the same as the encryption of qcow(2) images? There are some flaws in the implementation.


#22

Yes I get it. I think that would be awesome. The impact should be negligible thanks to AES acceleration.

Hm. That poses a huge obstacle since images are potentially 100GB each. I think this advice is good for extra precautions against known ciphertext attacks but realistically I don’t believe this allows cracking AES completely?


#23

No its the newer implementation using LUKS instead of the home-brew image format specific one they had earlier which was deprecated in the link you posted.


#24

AES is safe without random data for the free space it’s just to prevent some meta data leaks such as what parts of the disk are encrypted and how much is stored. You also wouldn’t want to distribute such images where the space is already filled because then everyone would have the same supposedly random data. (images would still be larger though because you can’t compress them anymore with xz)

[quote=“HulaHoop, post:23, topic:1253”]
No its the newer implementation using LUKS instead of the home-brew image format specific one they had earlier[/quote]

Ah, good to know. Thanks.