[openstack-dev] Volume Encryption
Benjamin, Bruce P.
Bruce.Benjamin at jhuapl.edu
Fri Feb 15 19:58:00 UTC 2013
On 2/12/2013, Caitlin Bestler wrote:
>> I'd recommend that OpenStack just use the technology that is available, and specifically avoid endorsing any of the options.
To address this issue and provide flexibility for the default encryption options for the proposed volume encryption feature, the implementation now exposes the dm-crypt options via Nova's configuration file. All relevant options and default values are configurable through this file, with present settings as follows:

    cryptsetup_default_cipher: aes-xts-plain64
    cryptsetup_default_key_size: 256
    cryptsetup_default_hash: None

Note that any parameter specified by the value 'None' will revert to the default values compiled into cryptsetup (and I just heard that these differ depending on the Linux distribution).
BTW, though the volume encryption feature didn't make it into Grizzly due to the late submission, our group will continue this work with solid plans to submit this and other related code for Havana.
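
The following is an added example, not part of the original message and not the Nova implementation: it shows how the three options above could map to cryptsetup's `--cipher`, `--key-size` and `--hash` flags, and how to find out what a `None` value actually resolves to on a given build. Assumptions: the function names are hypothetical, the help text is a constructed sample modelled on the defaults section of `cryptsetup --help`, and the dm-crypt mode (`plain` or `LUKS1`) is a parameter because the message does not say which one the feature uses.

```python
import re

# Option names and present values as listed in the message; None means
# "use whatever default is compiled into cryptsetup".
NOVA_OPTS = {"cryptsetup_default_cipher": "aes-xts-plain64",
             "cryptsetup_default_key_size": 256,
             "cryptsetup_default_hash": None}

# Real cryptsetup command-line flags for each option.
FLAGS = {"cryptsetup_default_cipher": "--cipher",
         "cryptsetup_default_key_size": "--key-size",
         "cryptsetup_default_hash": "--hash"}

# Constructed sample of the defaults section of `cryptsetup --help`;
# the values printed differ between builds and distributions.
SAMPLE_HELP = """\
Default compiled-in device cipher parameters:
\tloop-AES: aes, Key 256 bits
\tplain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
\tLUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom
"""

def cryptsetup_args(opts):
    """Flags for explicitly set options; a None value contributes no flag."""
    args = []
    for name, flag in FLAGS.items():
        if opts.get(name) is not None:
            args += [flag, str(opts[name])]
    return args

def compiled_defaults(help_text, mode):
    """Parse the compiled-in cipher, key size and hash for 'plain' or 'LUKS1'."""
    m = re.search(rf"^\s*{re.escape(mode)}: (?P<cipher>[^,]+), "
                  r"Key: (?P<bits>\d+) bits, [^:]*hashing: (?P<hash>\w+)",
                  help_text, re.M)
    if m is None:
        raise ValueError(f"no compiled-in defaults found for mode {mode!r}")
    return {"cryptsetup_default_cipher": m["cipher"],
            "cryptsetup_default_key_size": int(m["bits"]),
            "cryptsetup_default_hash": m["hash"]}

def effective_settings(opts, help_text, mode):
    """Merge config with build defaults; also list options left to the build."""
    defaults = compiled_defaults(help_text, mode)
    inherited = [n for n in FLAGS if opts.get(n) is None]
    effective = {n: defaults[n] if n in inherited else opts[n] for n in FLAGS}
    return effective, inherited
```

Running `effective_settings` against the real `cryptsetup --help` output on each compute host makes the inherited values visible, so hosts built from different distributions can be compared before volumes are created.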