Asustor NAS and cryptsetup 1.6.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

sorry for my original post, did not mean it to come across as HTML. Here it is again in plain-text (hopefully!!!)...

I am new to cryptsetup and trying to figure out some things.
The background: I purchased an Asustore AS-304T NAS device that uses cryptsetup to set up encrypted shared folders. I am trying to make sure that I will be able to access all my data on the disks outside of the NAS device using a regular PC with linux installed, in case the NAS device itself fails and I need to get to my data.
I will probably post some questions about this later.

For now, I have a question about the version of cryptsetup used by the device. I have set up a test system with a RAID1 volume and an encrypted folder on it using the regular Asustor maintenance interface. Logging in to the device as root, "cryptsetup --version" shows "cryptsetup 1.6.1" as installed version.

Thus my first question: I saw that the current version seems to be 1.6.6
What is the status of 1.6.1? Is it a stable production release that can be used without problems? Or are there critical issues that would require using a newer version than 1.6.1 ? I went through the release notes of the versions above 1.6.1, but it is not clear how critical the fixes/changes since version 1.6.1 are Also, what other sub-components or libraries besides cryptsetup should I check?

Furthermore, using "cryptsetup status EncTest.1" to show some basics about the created test container shows this:
/dev/mapper/EncTest.1 is active and is in use.
  type:    PLAIN
  cipher:  aes-cbc-plain
  keysize: 256 bits
  device:  /dev/loop0
  loop:    /volume1/.@loopfiles/EncTest
  offset:  0 sectors
  size:    11619787984 sectors
  mode:    read/write

Is this a plausible setup that makes sense, or is there something wrong with this default?
I have found out a few things that are making me a bit nervous:
1. The initially created empty container is "huge": it uses up 45GB without me storing any data inside! 2. The management interface does not seem to offer any way to create or download backups of the encryption headers for backup purposes as suggested in https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery. 3. There is an "auto-mount"option for encrypted folders that allow shutting down and rebooting the device without having to re-enter the encryption pass-phrase in order to access the encrypted folder - it is just there and mounted automatically. Not sure if this is still "secure"" or if this means that my pass-phrase is stored somewhere on the device in clear unencrypted form (I suspect the latter).

So I am wondering if there are things in their setup that are fundamentally flawed.

Thank you in advance!

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt



[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux