ytddewqf Posted August 25 Share Posted August 25 (edited) Evening all, If I understand correctly, the unRaid usb boot drive can not be encrypted. However, would something like the datAshur Personal2 or Kingston Ironkey work? I appreciate that the pin would have to be manually entered each time the system was to be booted, but is there anything actually preventing either of them being used for unRaid? If not then I'll buy one of them. Edited August 25 by ytddewqf Quote Link to comment
JonathanM Posted August 26 Share Posted August 26 I don't know if anyone has ever tested one. Maybe buy from a vendor with a generous return policy and attempt to set up a trial of Unraid? 1 Quote Link to comment
ytddewqf Posted August 26 Author Share Posted August 26 1 minute ago, JonathanM said: I don't know if anyone has ever tested one. Maybe buy from a vendor with a generous return policy and attempt to set up a trial of Unraid? Thanks for taking the time to reply. I'll go ahead and purchase a "datAshur Personal2" from Amazon and give that a try, I've never had a problem returning things with them. 👍 Quote Link to comment
ConnerVT Posted August 26 Share Posted August 26 I don't know for sure how this device behaves. If it is always accessible after recognized/enabled by the system's USB controller/hub and the PIN is entered, it should work. But it seems like a bit of overkill and more of a inconvenience/risk than it is worth. If you need to re-enter the PIN every time it drops off the USB bus (glitch, reboot, power on) it will be frustrating. The other thought is what are you protecting? There really isn't much if any sensitive data stored on the Unraid boot drive (as in the basic working drive). And the boot flash should never be used as an additional data drive, as the wear of the additional reads/writes cause premature failure. It is hard for me to see what the value add is for this. 1 Quote Link to comment
ytddewqf Posted August 26 Author Share Posted August 26 (edited) 23 minutes ago, ConnerVT said: I don't know for sure how this device behaves. If it is always accessible after recognized/enabled by the system's USB controller/hub and the PIN is entered, it should work. But it seems like a bit of overkill and more of a inconvenience/risk than it is worth. If you need to re-enter the PIN every time it drops off the USB bus (glitch, reboot, power on) it will be frustrating. The other thought is what are you protecting? There really isn't much if any sensitive data stored on the Unraid boot drive (as in the basic working drive). And the boot flash should never be used as an additional data drive, as the wear of the additional reads/writes cause premature failure. It is hard for me to see what the value add is for this. From my understanding of those two drives, once unlocked via pin, they remain unlocked until power is lost to the drive. No additional software is required for operation, it is all handled onboard the device. Fingers crossed it should not cause any issues. You make a fair point. I don't have anything exciting on the usb, other than the standard system files. Am I right in thinking though that information is stored in plain text, or is it obfuscated to an extent? My honest reason for looking at this is that a few weeks back an £800 transaction was made on one of my bank cards by Ticketmaster (US), I don't even have a Ticketmaster account, nor did they know anything about it. Anyway, luckily my bank reimbursed me and since then I've been on a bit of a tinfoil hat crusade, degoogling, password and security hardening, closing old inactive accounts via 'right to erasure' letters. After all that, the only thing I had left to look at was my unRaid usb......I think it's time I come out from hiding under my bed and get back on with my life. 😂 It's been a fun few weeks. Edited August 26 by ytddewqf Quote Link to comment
itimpi Posted August 26 Share Posted August 26 The flash drive only has Unraid configuration information. If you want to secure data in Unraid the way to do this is to encrypt the drives containing sensitive data (which is something Unraid supports). This does mean, however, that you have to either enter the pass phrase/data each time you boot to enable the drives to be decrypted while Unraid is running.. Users have tried to automate providing this phase but all methods have some sort of weakness. 1 Quote Link to comment
ytddewqf Posted August 26 Author Share Posted August 26 16 minutes ago, itimpi said: The flash drive only has Unraid configuration information. If you want to secure data in Unraid the way to do this is to encrypt the drives containing sensitive data (which is something Unraid supports). This does mean, however, that you have to either enter the pass phrase/data each time you boot to enable the drives to be decrypted while Unraid is running.. Users have tried to automate providing this phase but all methods have some sort of weakness. Thanks for clarifying for me. As I already use encryption on the array, I think I might need to divert my attention elsewhere then.....I'm sure I'll find something that needs correcting in my setup. Thanks everyone. 🤝 Quote Link to comment
ConnerVT Posted August 26 Share Posted August 26 49 minutes ago, ytddewqf said: My honest reason for looking at this is that a few weeks back an £800 transaction was made on one of my bank cards by Ticketmaster (US) What is likely to have happened is that your card information was stolen by someone involved in the payment processing chain from a legitimate (online?) purchase. I had this happen to me about a dozen years back. I lost my wedding band (which I later found) so I purchased a new one online. I used a card which I almost never use. A few months later, I got a call from a shipper that someone wanted to redirect a shipment I was to get. But I wasn't expecting a shipment. Ended up receiving a laptop computer I didn't order, on that card. The credit card company was very good about this. Cancelled that charge, and several others for international shipping to somewhere in eastern Europe. I even got to keep the laptop. This is much more likely than someone compromising your Unraid server, unless you are someone who lives fast and loose on the Internet. 1 Quote Link to comment
ytddewqf Posted August 26 Author Share Posted August 26 (edited) 3 hours ago, ConnerVT said: What is likely to have happened is that your card information was stolen by someone involved in the payment processing chain from a legitimate (online?) purchase. I had this happen to me about a dozen years back. I lost my wedding band (which I later found) so I purchased a new one online. I used a card which I almost never use. A few months later, I got a call from a shipper that someone wanted to redirect a shipment I was to get. But I wasn't expecting a shipment. Ended up receiving a laptop computer I didn't order, on that card. The credit card company was very good about this. Cancelled that charge, and several others for international shipping to somewhere in eastern Europe. I even got to keep the laptop. This is much more likely than someone compromising your Unraid server, unless you are someone who lives fast and loose on the Internet. 😯 Crafty gits. At least you got a new laptop out of it. I've started to use the "freeze card" function on my Curve Card whenever I'm not using it, took me a few weeks to get used to it, now it's not a hassle. Edited August 26 by ytddewqf Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.