Please do not send HTML Email to this list.... On Sat, Dec 27, 2014 at 04:49:16 CET, msalists@xxxxxxx wrote: > <html> > <head> > > <meta http-equiv="content-type" content="text/html; charset=utf-8"> > </head> > <body bgcolor="#FFFFFF" text="#000000"> > <font face="Arial">Hello,<br> > <br> > I am new to cryptsetup and trying to figure out some things.<br> > The background: I purchased an Asustore AS-304T NAS device that > uses cryptsetup to set up encrypted shared folders.<br> > I am trying to make sure that I will be able to access all my data > on the disks outside of the NAS device using a regular PC with > linux installed, in case the NAS device itself fails and I need to > get to my data.<br> > I will probably post some questions about this later.<br> > <br> > For now, I have a question about the version of cryptsetup used by > the device.<br> > I have set up a test system with a RAID1 volume and an encrypted > folder on it using the regular Asustor maintenance interface.<br> > Logging in to the device as root, "cryptsetup --version" shows "cryptsetup > 1.6.1" as installed version.<br> > <br> > Thus my first question: I saw that the current version seems to be > 1.6.6<br> > What is the status of 1.6.1? Is it a stable production release > that can be used without problems? Or are there critical issues > that would require using a newer version than 1.6.1 ? I went > through the release notes of the versions above 1.6.1, but it is > not clear how critical the fixes/changes since version 1.6.1 are<br> > Also, what other sub-components or libraries besides cryptsetup > should I check?<br> > <br> > Furthermore, using "cryptsetup status EncTest.1" to show some > basics about the created test container shows this:<br> > /dev/mapper/EncTest.1 is active and is in use.<br> > type: PLAIN<br> > cipher: aes-cbc-plain<br> > keysize: 256 bits<br> > device: /dev/loop0<br> > loop: /volume1/.@loopfiles/EncTest<br> > offset: 0 sectors<br> > size: 11619787984 sectors<br> > mode: read/write<br> > <br> > Is this a plausible setup that makes sense, or is there something > wrong with this default?<br> > I have found out a few things that are making me a bit nervous:<br> > 1. The initially created empty container is "huge": </font><font > face="Arial"><font face="Arial">it uses up 4.5GB</font> without me > storing any data inside!<br> > 2. The management interface does not seem to offer any way to > create or download backups of the encryption headers for backup > purposes as suggested in > <a class="moz-txt-link-freetext" href="https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery";>https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery</a>.<br> > 3. There is an "auto-mount"option for encrypted folders that allow > shutting down and rebooting the device without having to re-enter > the encryption pass-phrase in order to access the encrypted folder > - it is just there and mounted automatically. Not sure if this is > still "secure"" or if this means that my pass-phrase is stored > somewhere on the device in clear unencrypted form (I suspect the > latter).<br> > <br> > So I am wondering if there are things in their setup that are > fundamentally flawed.<br> > <br> > Thank you in advance!<br> > <br> > </font> > </body> > </html> > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
