[Openstack-operators] [nova] Do we have users of CryptsetupEncryptor and if so why?
lyarwood at redhat.com
Mon Nov 7 17:42:02 UTC 2016
The following bug was recently discovered where encrypted volumes
created prior to Newton use a slightly mangled passphrase :
The passphrase used to encrypt or decrypt volumes was mangled prior to Newton
This is currently being resolved for LUKS based volumes in the following
change with the incorrect passphrase being removed and replaced :
encryptors: Workaround mangled passphrases
Unfortunately we can't do the same for volumes using the plain format
provided by the CryptsetupEncryptor class. While the above change does
include a workaround it would be better if we could deprecate this
format and encryptor for new volumes ASAP and move everyone to LUKS etc.
Before deprecating CryptsetupEncryptor I wanted to ask this list if we
have any active users of this encryptor and if so why is it being used?
Is there a specific use case where plain is better than LUKS and thus
needs to stay around?
Thanks in advance,
Senior Software Engineer
PGP : A5D1 9385 88CB 7E5F BE64 6618 BCA6 6E33 F672 2D76
More information about the OpenStack-operators