[dm-crypt] Asustor NAS and cryptsetup 1.6.1

Sven Eschenberg sven at whgl.uni-frankfurt.de
Tue Dec 30 20:16:48 CET 2014


Hummm, good question.

I think backwards. ecryptfs basicly does a per file encryption. So you'll
have a normal filesystem which holds encrypted files. The downside is bad
performance as it uses FUSE, it potentiolly discloses the structure of the
filesystem (while filenames are scrambled the tree structure is visible).
It is easier to backup as you can easily backup the encrypted files and do
not need to dump the whole block device. (The price for this is disclosing
the fs structure)

Regards

-Sven


On Tue, December 30, 2014 19:18, msalists at gmx.net wrote:
> They are reluctant to give out any details, but are saying that they
> will be releasing a new version of their software in the coming weeks
> that uses ecryptfs instead.
> Is this a step forward or backward (or rather just "sideways")?
>
> Mark
>
> On 2014-12-30 02:04, Arno Wagner wrote:
>> On Tue, Dec 30, 2014 at 03:32:58 CET, msalists at gmx.net wrote:
>>> On 2014-12-29 11:29, Quentin Lefebvre wrote:
>>>> On 29/12/2014 20:06, msalists at gmx.net wrote :
>>>>> Assuming I did create the container with aes-cbc-essiv:sha256; would
>>>>> cryptsetup automatically figure out the correct parameters when it is
>>>>> subsequently called without those parameters to mount the container?
>>>>> Or do non-default parameters at creation time require the same
>>>>> non-default parameters again for subsequent mounts?
>>>> As you may have understood, in plain mode, there is no header, so
>>>> no way for cryptsetup to guess the algorithm used. Thus, if it is
>>>> a non-default one, it must be specified also at mount time.
>>>>
>>> Hm, makes sense. Is there some kind of a config file that I could
>>> specify the parameters in, and that would be read prior to using the
>>> defaults - similar to how some parameters for mount can be specified
>>> in /etc/fstab ?
>> Only if the NAS-makers added one. cryptsetup does not have
>> a mechanism for this.
>>
>> Arno
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>




More information about the dm-crypt mailing list