[dm-crypt] Asustor NAS and cryptsetup 1.6.1

msalists at gmx.net msalists at gmx.net
Sat Dec 27 08:47:10 CET 2014


Hello,

sorry for my original post, did not mean it to come across as HTML. Here 
it is again in plain-text (hopefully!!!)...

I am new to cryptsetup and trying to figure out some things.
The background: I purchased an Asustore AS-304T NAS device that uses 
cryptsetup to set up encrypted shared folders.
I am trying to make sure that I will be able to access all my data on 
the disks outside of the NAS device using a regular PC with linux 
installed, in case the NAS device itself fails and I need to get to my data.
I will probably post some questions about this later.

For now, I have a question about the version of cryptsetup used by the 
device.
I have set up a test system with a RAID1 volume and an encrypted folder 
on it using the regular Asustor maintenance interface.
Logging in to the device as root, "cryptsetup --version" shows 
"cryptsetup 1.6.1" as installed version.

Thus my first question: I saw that the current version seems to be 1.6.6
What is the status of 1.6.1? Is it a stable production release that can 
be used without problems? Or are there critical issues that would 
require using a newer version than 1.6.1 ? I went through the release 
notes of the versions above 1.6.1, but it is not clear how critical the 
fixes/changes since version 1.6.1 are
Also, what other sub-components or libraries besides cryptsetup should I 
check?

Furthermore, using "cryptsetup status EncTest.1" to show some basics 
about the created test container shows this:
/dev/mapper/EncTest.1 is active and is in use.
   type:    PLAIN
   cipher:  aes-cbc-plain
   keysize: 256 bits
   device:  /dev/loop0
   loop:    /volume1/. at loopfiles/EncTest
   offset:  0 sectors
   size:    11619787984 sectors
   mode:    read/write

Is this a plausible setup that makes sense, or is there something wrong 
with this default?
I have found out a few things that are making me a bit nervous:
1. The initially created empty container is "huge": it uses up 45GB 
without me storing any data inside!
2. The management interface does not seem to offer any way to create or 
download backups of the encryption headers for backup purposes as 
suggested in 
https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery.
3. There is an "auto-mount"option for encrypted folders that allow 
shutting down and rebooting the device without having to re-enter the 
encryption pass-phrase in order to access the encrypted folder - it is 
just there and mounted automatically. Not sure if this is still 
"secure"" or if this means that my pass-phrase is stored somewhere on 
the device in clear unencrypted form (I suspect the latter).

So I am wondering if there are things in their setup that are 
fundamentally flawed.

Thank you in advance!



More information about the dm-crypt mailing list