From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Asustor NAS and cryptsetup 1.6.1
Date: Sat, 27 Dec 2014 08:38:36 +0100 [thread overview]
Message-ID: <20141227073836.GA16775@tansi.org> (raw)
In-Reply-To: <549E2C3C.7040709@gmx.net>
Please do not send HTML Email to this list....
On Sat, Dec 27, 2014 at 04:49:16 CET, msalists@gmx.net wrote:
> <html>
> <head>
>
> <meta http-equiv="content-type" content="text/html; charset=utf-8">
> </head>
> <body bgcolor="#FFFFFF" text="#000000">
> <font face="Arial">Hello,<br>
> <br>
> I am new to cryptsetup and trying to figure out some things.<br>
> The background: I purchased an Asustore AS-304T NAS device that
> uses cryptsetup to set up encrypted shared folders.<br>
> I am trying to make sure that I will be able to access all my data
> on the disks outside of the NAS device using a regular PC with
> linux installed, in case the NAS device itself fails and I need to
> get to my data.<br>
> I will probably post some questions about this later.<br>
> <br>
> For now, I have a question about the version of cryptsetup used by
> the device.<br>
> I have set up a test system with a RAID1 volume and an encrypted
> folder on it using the regular Asustor maintenance interface.<br>
> Logging in to the device as root, "cryptsetup --version" shows "cryptsetup
> 1.6.1" as installed version.<br>
> <br>
> Thus my first question: I saw that the current version seems to be
> 1.6.6<br>
> What is the status of 1.6.1? Is it a stable production release
> that can be used without problems? Or are there critical issues
> that would require using a newer version than 1.6.1 ? I went
> through the release notes of the versions above 1.6.1, but it is
> not clear how critical the fixes/changes since version 1.6.1 are<br>
> Also, what other sub-components or libraries besides cryptsetup
> should I check?<br>
> <br>
> Furthermore, using "cryptsetup status EncTest.1" to show some
> basics about the created test container shows this:<br>
> /dev/mapper/EncTest.1 is active and is in use.<br>
> type: PLAIN<br>
> cipher: aes-cbc-plain<br>
> keysize: 256 bits<br>
> device: /dev/loop0<br>
> loop: /volume1/.@loopfiles/EncTest<br>
> offset: 0 sectors<br>
> size: 11619787984 sectors<br>
> mode: read/write<br>
> <br>
> Is this a plausible setup that makes sense, or is there something
> wrong with this default?<br>
> I have found out a few things that are making me a bit nervous:<br>
> 1. The initially created empty container is "huge": </font><font
> face="Arial"><font face="Arial">it uses up 4.5GB</font> without me
> storing any data inside!<br>
> 2. The management interface does not seem to offer any way to
> create or download backups of the encryption headers for backup
> purposes as suggested in
> <a class="moz-txt-link-freetext" href="https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery">https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery</a>.<br>
> 3. There is an "auto-mount"option for encrypted folders that allow
> shutting down and rebooting the device without having to re-enter
> the encryption pass-phrase in order to access the encrypted folder
> - it is just there and mounted automatically. Not sure if this is
> still "secure"" or if this means that my pass-phrase is stored
> somewhere on the device in clear unencrypted form (I suspect the
> latter).<br>
> <br>
> So I am wondering if there are things in their setup that are
> fundamentally flawed.<br>
> <br>
> Thank you in advance!<br>
> <br>
> </font>
> </body>
> </html>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
next prev parent reply other threads:[~2014-12-27 7:38 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-27 3:49 [dm-crypt] Asustor NAS and cryptsetup 1.6.1 msalists
2014-12-27 7:38 ` Arno Wagner [this message]
-- strict thread matches above, loose matches on Subject: below --
2014-12-27 7:47 msalists
2014-12-27 10:11 ` Arno Wagner
2014-12-29 19:06 ` msalists
2014-12-29 19:29 ` Quentin Lefebvre
2014-12-30 2:32 ` msalists
[not found] ` <20141230100413.GA11208@tansi.org>
2014-12-30 18:18 ` msalists
2014-12-30 19:16 ` Sven Eschenberg
2014-12-31 7:26 ` Arno Wagner
2014-12-30 0:37 ` Claudio Moretti
2014-12-30 1:00 ` msalists
2014-12-30 1:46 ` Arno Wagner
2014-12-30 2:11 ` msalists
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141227073836.GA16775@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.