|
Hello, I am new to cryptsetup and trying to figure out some things. The background: I purchased an Asustore AS-304T NAS device that uses cryptsetup to set up encrypted shared folders. I am trying to make sure that I will be able to access all my data on the disks outside of the NAS device using a regular PC with linux installed, in case the NAS device itself fails and I need to get to my data. I will probably post some questions about this later. For now, I have a question about the version of cryptsetup used by the device. I have set up a test system with a RAID1 volume and an encrypted folder on it using the regular Asustor maintenance interface. Logging in to the device as root, "cryptsetup --version" shows "cryptsetup 1.6.1" as installed version. Thus my first question: I saw that the current version seems to be 1.6.6 What is the status of 1.6.1? Is it a stable production release that can be used without problems? Or are there critical issues that would require using a newer version than 1.6.1 ? I went through the release notes of the versions above 1.6.1, but it is not clear how critical the fixes/changes since version 1.6.1 are Also, what other sub-components or libraries besides cryptsetup should I check? Furthermore, using "cryptsetup status EncTest.1" to show some basics about the created test container shows this: /dev/mapper/EncTest.1 is active and is in use. type: PLAIN cipher: aes-cbc-plain keysize: 256 bits device: /dev/loop0 loop: /volume1/.@loopfiles/EncTest offset: 0 sectors size: 11619787984 sectors mode: read/write Is this a plausible setup that makes sense, or is there something wrong with this default? I have found out a few things that are making me a bit nervous: 1. The initially created empty container is "huge": it uses up 4.5GB without me storing any data inside! 2. The management interface does not seem to offer any way to create or download backups of the encryption headers for backup purposes as suggested in https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery. 3. There is an "auto-mount"option for encrypted folders that allow shutting down and rebooting the device without having to re-enter the encryption pass-phrase in order to access the encrypted folder - it is just there and mounted automatically. Not sure if this is still "secure"" or if this means that my pass-phrase is stored somewhere on the device in clear unencrypted form (I suspect the latter). So I am wondering if there are things in their setup that are fundamentally flawed. Thank you in advance! |
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
