From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from v6.tansi.org (ns.km31936-01.keymachine.de [87.118.116.4])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Sat, 27 Dec 2014 08:38:37 +0100 (CET)
Received: from gatewagner.dyndns.org (77-57-49-177.dclient.hispeed.ch
 [77.57.49.177]) by v6.tansi.org (Postfix) with ESMTPA id BEA2F20DC238
 for <dm-crypt@saout.de>; Sat, 27 Dec 2014 08:38:36 +0100 (CET)
Date: Sat, 27 Dec 2014 08:38:36 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20141227073836.GA16775@tansi.org>
References: <549E2C3C.7040709@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <549E2C3C.7040709@gmx.net>
Subject: Re: [dm-crypt] Asustor NAS and cryptsetup 1.6.1
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Please do not send HTML Email to this list....

On Sat, Dec 27, 2014 at 04:49:16 CET, msalists@gmx.net wrote:
> <html>
>   <head>
>=20
>     <meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf=
-8">
>   </head>
>   <body bgcolor=3D"#FFFFFF" text=3D"#000000">
>     <font face=3D"Arial">Hello,<br>
>       <br>
>       I am new to cryptsetup and trying to figure out some things.<br>
>       The background: I purchased an Asustore AS-304T NAS device that
>       uses cryptsetup to set up encrypted shared folders.<br>
>       I am trying to make sure that I will be able to access all my data
>       on the disks outside of the NAS device using a regular PC with
>       linux installed, in case the NAS device itself fails and I need to
>       get to my data.<br>
>       I will probably post some questions about this later.<br>
>       <br>
>       For now, I have a question about the version of cryptsetup used by
>       the device.<br>
>       I have set up a test system with a RAID1 volume and an encrypted
>       folder on it using the regular Asustor maintenance interface.<br>
>       Logging in to the device as root, "cryptsetup --version" shows "cry=
ptsetup
>       1.6.1" as installed version.<br>
>       <br>
>       Thus my first question: I saw that the current version seems to be
>       1.6.6<br>
>       What is the status of 1.6.1? Is it a stable production release
>       that can be used without problems? Or are there critical issues
>       that would require using a newer version than 1.6.1 ? I went
>       through the release notes of the versions above 1.6.1, but it is
>       not clear how critical the fixes/changes since version 1.6.1 are<br>
>       Also, what other sub-components or libraries besides cryptsetup
>       should I check?<br>
>       <br>
>       Furthermore, using "cryptsetup status EncTest.1" to show some
>       basics about the created test container shows this:<br>
>       /dev/mapper/EncTest.1 is active and is in use.<br>
>       =A0 type:=A0=A0=A0 PLAIN<br>
>       =A0 cipher:=A0 aes-cbc-plain<br>
>       =A0 keysize: 256 bits<br>
>       =A0 device:=A0 /dev/loop0<br>
>       =A0 loop:=A0=A0=A0 /volume1/.@loopfiles/EncTest<br>
>       =A0 offset:=A0 0 sectors<br>
>       =A0 size:=A0=A0=A0 11619787984 sectors<br>
>       =A0 mode:=A0=A0=A0 read/write<br>
>       <br>
>       Is this a plausible setup that makes sense, or is there something
>       wrong with this default?<br>
>       I have found out a few things that are making me a bit nervous:<br>
>       1. The initially created empty container is "huge":=A0 </font><font
>       face=3D"Arial"><font face=3D"Arial">it uses up 4.5GB</font> without=
 me
>       storing any data inside!<br>
>       2. The management interface does not seem to offer any way to
>       create or download backups of the encryption headers for backup
>       purposes as suggested in
> <a class=3D"moz-txt-link-freetext" href=3D"https://code.google.com/p/cryp=
tsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery">https://c=
ode.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Dat=
a_Recovery</a>.<br>
>       3. There is an "auto-mount"option for encrypted folders that allow
>       shutting down and rebooting the device without having to re-enter
>       the encryption pass-phrase in order to access the encrypted folder
>       - it is just there and mounted automatically. Not sure if this is
>       still "secure"" or if this means that my pass-phrase is stored
>       somewhere on the device in clear unencrypted form (I suspect the
>       latter).<br>
>       <br>
>       So I am wondering if there are things in their setup that are
>       fundamentally flawed.<br>
>       <br>
>       Thank you in advance!<br>
>       <br>
>     </font>
>   </body>
> </html>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


--=20
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of=20
"news" is "something that hardly ever happens." -- Bruce Schneier