From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Asustor NAS and cryptsetup 1.6.1
Date: Sat, 27 Dec 2014 08:38:36 +0100 [thread overview]
Message-ID: <20141227073836.GA16775@tansi.org> (raw)
In-Reply-To: <549E2C3C.7040709@gmx.net>
Please do not send HTML Email to this list....
On Sat, Dec 27, 2014 at 04:49:16 CET, msalists@gmx.net wrote:
> <html>
> <head>
>
> <meta http-equiv="content-type" content="text/html; charset=utf-8">
> </head>
> <body bgcolor="#FFFFFF" text="#000000">
> <font face="Arial">Hello,<br>
> <br>
> I am new to cryptsetup and trying to figure out some things.<br>
> The background: I purchased an Asustore AS-304T NAS device that
> uses cryptsetup to set up encrypted shared folders.<br>
> I am trying to make sure that I will be able to access all my data
> on the disks outside of the NAS device using a regular PC with
> linux installed, in case the NAS device itself fails and I need to
> get to my data.<br>
> I will probably post some questions about this later.<br>
> <br>
> For now, I have a question about the version of cryptsetup used by
> the device.<br>
> I have set up a test system with a RAID1 volume and an encrypted
> folder on it using the regular Asustor maintenance interface.<br>
> Logging in to the device as root, "cryptsetup --version" shows "cryptsetup
> 1.6.1" as installed version.<br>
> <br>
> Thus my first question: I saw that the current version seems to be
> 1.6.6<br>
> What is the status of 1.6.1? Is it a stable production release
> that can be used without problems? Or are there critical issues
> that would require using a newer version than 1.6.1 ? I went
> through the release notes of the versions above 1.6.1, but it is
> not clear how critical the fixes/changes since version 1.6.1 are<br>
> Also, what other sub-components or libraries besides cryptsetup
> should I check?<br>
> <br>
> Furthermore, using "cryptsetup status EncTest.1" to show some
> basics about the created test container shows this:<br>
> /dev/mapper/EncTest.1 is active and is in use.<br>
> type: PLAIN<br>
> cipher: aes-cbc-plain<br>
> keysize: 256 bits<br>
> device: /dev/loop0<br>
> loop: /volume1/.@loopfiles/EncTest<br>
> offset: 0 sectors<br>
> size: 11619787984 sectors<br>
> mode: read/write<br>
> <br>
> Is this a plausible setup that makes sense, or is there something
> wrong with this default?<br>
> I have found out a few things that are making me a bit nervous:<br>
> 1. The initially created empty container is "huge": </font><font
> face="Arial"><font face="Arial">it uses up 4.5GB</font> without me
> storing any data inside!<br>
> 2. The management interface does not seem to offer any way to
> create or download backups of the encryption headers for backup
> purposes as suggested in
> <a class="moz-txt-link-freetext" href="https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery">https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery</a>.<br>
> 3. There is an "auto-mount"option for encrypted folders that allow
> shutting down and rebooting the device without having to re-enter
> the encryption pass-phrase in order to access the encrypted folder
> - it is just there and mounted automatically. Not sure if this is
> still "secure"" or if this means that my pass-phrase is stored
> somewhere on the device in clear unencrypted form (I suspect the
> latter).<br>
> <br>
> So I am wondering if there are things in their setup that are
> fundamentally flawed.<br>
> <br>
> Thank you in advance!<br>
> <br>
> </font>
> </body>
> </html>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
next prev parent reply other threads:[~2014-12-27 7:38 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-27 3:49 [dm-crypt] Asustor NAS and cryptsetup 1.6.1 msalists
2014-12-27 7:38 ` Arno Wagner [this message]
-- strict thread matches above, loose matches on Subject: below --
2014-12-27 7:47 msalists
2014-12-27 10:11 ` Arno Wagner
2014-12-29 19:06 ` msalists
2014-12-29 19:29 ` Quentin Lefebvre
2014-12-30 2:32 ` msalists
[not found] ` <20141230100413.GA11208@tansi.org>
2014-12-30 18:18 ` msalists
2014-12-30 19:16 ` Sven Eschenberg
2014-12-31 7:26 ` Arno Wagner
2014-12-30 0:37 ` Claudio Moretti
2014-12-30 1:00 ` msalists
2014-12-30 1:46 ` Arno Wagner
2014-12-30 2:11 ` msalists
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141227073836.GA16775@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox