[openstack-dev] Volume Encryption

Bryan D. Payne bdpayne at acm.org
Fri Feb 15 17:17:41 UTC 2013


> I do not see any point in discussing which encryption algorithms will be
> supported in an OpenStack forum.

The reason that I brought this (CBC vs XTS) up in the first place is
that there are different security requirements for the IV and keys
depending on which cipher mode you use.  So, from an implementation
standpoint, if you care about security, then you need to pre-select
which algs you want to support and ensure that your IV and key
handling is appropriate for those cases.

Personally, I would much rather provide support for a variety of
options.  But, to say that this can be done without such a discussion
for OpenStack and the implementations that we are discussing misses
the point.

-bryan



More information about the OpenStack-dev mailing list