From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Sat, 27 Dec 2014 04:49:20 +0100 (CET)
Received: from [192.168.99.197] ([70.187.182.227]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0LngNT-1XNgiO1Gcp-00hxzp for ; Sat, 27 Dec 2014 04:49:19 +0100
Message-ID: <549E2C3C.7040709@gmx.net>
Date: Fri, 26 Dec 2014 19:49:16 -0800
From: "msalists@gmx.net"
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 8bit
Subject: [dm-crypt] Asustor NAS and cryptsetup 1.6.1
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: dm-crypt@saout.de

Hello,

I am new to cryptsetup and trying to figure out some things.
The background: I purchased an Asustor AS-304T NAS device that uses cryptsetup to set up encrypted shared folders.
I am trying to make sure that I will be able to access all my data on the disks outside of the NAS device using a regular PC with Linux installed, in case the NAS device itself fails and I need to get to my data.
I will probably post some questions about this later.

For now, I have a question about the version of cryptsetup used by the device.
I have set up a test system with a RAID1 volume and an encrypted folder on it using the regular Asustor maintenance interface.
Logging in to the device as root, "cryptsetup --version" shows "cryptsetup 1.6.1" as the installed version.

Thus my first question: I saw that the current version seems to be 1.6.6.
What is the status of 1.6.1? Is it a stable production release that can be used without problems? Or are there critical issues that would require using a newer version than 1.6.1? I went through the release notes of the versions above 1.6.1, but it is not clear how critical the fixes/changes since version 1.6.1 are.
Also, what other sub-components or libraries besides cryptsetup should I check?

Furthermore, using "cryptsetup status EncTest.1" to show some basics about the created test container shows this:
/dev/mapper/EncTest.1 is active and is in use.
  type:    PLAIN
  cipher:  aes-cbc-plain
  keysize: 256 bits
  device:  /dev/loop0
  loop:    /volume1/.@loopfiles/EncTest
  offset:  0 sectors
  size:    11619787984 sectors
  mode:    read/write

Is this a plausible setup that makes sense, or is there something wrong with this default?
I have found out a few things that are making me a bit nervous:
1. The initially created empty container is "huge": it uses up 4.5GB without me storing any data inside!
2. The management interface does not seem to offer any way to create or download backups of the encryption headers for backup purposes as suggested in https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery.
3. There is an "auto-mount" option for encrypted folders that allows shutting down and rebooting the device without having to re-enter the encryption pass-phrase in order to access the encrypted folder - it is just there and mounted automatically. Not sure if this is still "secure" or if this means that my pass-phrase is stored somewhere on the device in clear unencrypted form (I suspect the latter).

So I am wondering if there are things in their setup that are fundamentally flawed.

Thank you in advance!