[openstack-dev] [nova] Do we have users of CryptsetupEncryptor and if so why?

Lee Yarwood lyarwood at redhat.com
Tue Nov 8 14:15:47 UTC 2016

On 07-11-16 17:42:02, Lee Yarwood wrote:
> Hello all,
> The following bug was recently discovered where encrypted volumes
> created prior to Newton use a slightly mangled passphrase :
> The passphrase used to encrypt or decrypt volumes was mangled prior to Newton
> https://launchpad.net/bugs/1633518
> This is currently being resolved for LUKS based volumes in the following
> change with the incorrect passphrase being removed and replaced :
> encryptors: Workaround mangled passphrases
> https://review.openstack.org/#/c/386670/
> Unfortunately we can't do the same for volumes using the plain format
> provided by the CryptsetupEncryptor class. While the above change does
> include a workaround it would be better if we could deprecate this
> format and encryptor for new volumes ASAP and move everyone to LUKS etc.
> Before deprecating CryptsetupEncryptor I wanted to ask this list if we
> have any active users of this encryptor and if so why is it being used?
> Is there a specific use case where plain is better than LUKS and thus
> needs to stay around?
> Thanks in advance,
> Lee

CC'ing openstack-dev for some additional feedback.

Lee Yarwood
Senior Software Engineer
Red Hat

PGP : A5D1 9385 88CB 7E5F BE64  6618 BCA6 6E33 F672 2D76

More information about the OpenStack-dev mailing list