Hello,
sorry for my original post, did not mean it to come across as HTML. Here
it is again in plain-text (hopefully!!!)...
I am new to cryptsetup and trying to figure out some things.
The background: I purchased an Asustore AS-304T NAS device that uses
cryptsetup to set up encrypted shared folders.
I am trying to make sure that I will be able to access all my data on
the disks outside of the NAS device using a regular PC with linux
installed, in case the NAS device itself fails and I need to get to my data.
I will probably post some questions about this later.
For now, I have a question about the version of cryptsetup used by the
device.
I have set up a test system with a RAID1 volume and an encrypted folder
on it using the regular Asustor maintenance interface.
Logging in to the device as root, "cryptsetup --version" shows
"cryptsetup 1.6.1" as installed version.
Thus my first question: I saw that the current version seems to be 1.6.6
What is the status of 1.6.1? Is it a stable production release that can
be used without problems? Or are there critical issues that would
require using a newer version than 1.6.1 ? I went through the release
notes of the versions above 1.6.1, but it is not clear how critical the
fixes/changes since version 1.6.1 are
Also, what other sub-components or libraries besides cryptsetup should I
check?
Furthermore, using "cryptsetup status EncTest.1" to show some basics
about the created test container shows this:
/dev/mapper/EncTest.1 is active and is in use.
type: PLAIN
cipher: aes-cbc-plain
keysize: 256 bits
device: /dev/loop0
loop: /volume1/.@loopfiles/EncTest
offset: 0 sectors
size: 11619787984 sectors
mode: read/write
Is this a plausible setup that makes sense, or is there something wrong
with this default?
I have found out a few things that are making me a bit nervous:
1. The initially created empty container is "huge": it uses up 45GB
without me storing any data inside!
2. The management interface does not seem to offer any way to create or
download backups of the encryption headers for backup purposes as
suggested in
https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery.
3. There is an "auto-mount"option for encrypted folders that allow
shutting down and rebooting the device without having to re-enter the
encryption pass-phrase in order to access the encrypted folder - it is
just there and mounted automatically. Not sure if this is still
"secure"" or if this means that my pass-phrase is stored somewhere on
the device in clear unencrypted form (I suspect the latter).
So I am wondering if there are things in their setup that are
fundamentally flawed.
Thank you in advance!
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
