[openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

Daniel P. Berrange berrange at redhat.com
Thu May 25 11:01:28 UTC 2017

On Thu, May 25, 2017 at 11:38:44AM +0100, Duncan Thomas wrote:
> On 25 May 2017 at 11:00, Lee Yarwood <lyarwood at redhat.com> wrote:
> > This has also reminded me that the plain (dm-crypt) format really needs
> > to be deprecated this cycle. I posted to the dev and ops ML [2] last
> > year about this but received no feedback. Assuming there are no last
> > minute objections I'm going to move forward with deprecating this format
> > in os-brick this cycle.
> What is the reasoning for this? There are plenty of people using it, and
> you're going to break them going forward if you remove it.

It has bad security management characteristics because the passphrase is
directly used to create the encryption key. Thus there's no way to update
the passphrase without re-encrypting all data in the device. If your passphrase
is compromised all data is compromised until you can do such re-encryption,
or you have to shred all copies of it, including any backups. If you want
todo the encryption in-place your VMs have to be taken offline too.

|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the OpenStack-dev mailing list