IamSpartacus

Where does disk encryption stand?


I have been watching this thread and I wonder, how is it that FreeNAS/ZFS can have encrypted drives and autostart the NAS volumes without requiring the user to supply a password or a keyfile?

Not trying to cause problems, just curious how it is that they can do it?

Thanks!

Edited by tuxfania
Line added

6 hours ago, tuxfania said:

I have been watching this thread and I wonder, how is it that FreeNAS/ZFS can have encrypted drives and autostart the NAS volumes without requiring the user to supply a password or a keyfile?

Why would you want an encrypted volume that doesn't require authentication of some kind to decrypt?


But autostart pretty much means that nobody has to authenticate. If it will start up automatically with all the data accessible, how is that secure?

30 minutes ago, tuxfania said:

It must do some sort of authentication, I just don't know how? :)

Authentication means that someone has to authenticate before the data is accessible, so it's unclear what you are really asking for.


I guess another possibility is some sort of "dongle" that can be removed and put in some secure place when the data needs to be locked. Is there anything like that going on?

And of course there are other hardware solutions possible, like some sort of biometrics. It would still require a person to do something before it could "autostart" though, so not really autostart as it's usually meant.

Keyfile, password, dongle, biometrics, etc. All types of authentication that require somebody to intervene to unlock and/or lock the data. So not completely automatic and it couldn't be secure if it was completely automatic.


Answered my own question...I went back and reviewed the video I saw it in...it's basic encryption using a GELI key stored on the boot drive, not passphrase encryption which would require that be entered at boot.

They suggested basic encryption since it's helpful to use in the event a drive fails and you have to send it in for warranty...you don't have to worry about the data on it being read. The basic encryption wouldn't help if your rig gets stolen.

1 hour ago, tuxfania said:

Answered my own question...I went back and reviewed the video I saw it in...it's basic encryption using a GELI key stored on the boot drive, not passphrase encryption which would require that be entered at boot.

They suggested basic encryption since it's helpful to use in the event a drive fails and you have to send it in for warranty...you don't have to worry about the data on it being read. The basic encryption wouldn't help if your rig gets stolen.

This can be accomplished by saving your encryption keyfile somewhere on your USB flash boot device, maybe in 'config' directory. Then edit your 'go' file and put this just before emhttp is started:

ln -s /boot/config/keyfile /root

Edit: be sure and make a backup of your USB flash device: Main/Flash click Flash Backup to download a zip of your USB flash contents. Note that this zip file can be fed into our USB Creator tool if needed to migrate to a new USB flash device.

Edited by limetech
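
Added example, not part of limetech's post or the project's own code: a shell check that reports whether the key behind /root/keyfile resolves onto the boot flash, the setup that, as noted earlier in the thread, covers a drive sent in for warranty but not a stolen rig. The function names, and the assumption that /boot is the flash mount point, belong to this example only.

```shell
#!/bin/sh
# Added example (not from the thread): classify where an unlock key really lives.
# Assumption: /boot is the USB flash mount and /root/keyfile is the link
# created by the 'go' file line quoted in the post above.

# keyfile_exposure KEY_PATH BOOT_MOUNT
# Prints one of: missing | on-boot-device | off-boot-device
keyfile_exposure() {
    key_path=$1
    boot_mount=$2

    # -e follows symlinks, so a dangling link counts as missing.
    [ -e "$key_path" ] || { echo "missing"; return 0; }

    # Compare fully resolved paths so a symlink cannot hide the real location.
    real_key=$(readlink -f "$key_path")
    real_boot=$(readlink -f "$boot_mount")

    case "$real_key" in
        "$real_boot"/*) echo "on-boot-device" ;;
        *)              echo "off-boot-device" ;;
    esac
}

# describe_exposure RESULT: one-line meaning of each result.
describe_exposure() {
    case "$1" in
        on-boot-device)
            echo "key is stored with the server: covers a drive sent for warranty, not a stolen rig" ;;
        off-boot-device)
            echo "key is stored outside the boot device" ;;
        missing)
            echo "no key at this path" ;;
        *)
            echo "unknown result: $1" ;;
    esac
}

# Defaults match the paths in the post; pass other paths as arguments.
result=$(keyfile_exposure "${1:-/root/keyfile}" "${2:-/boot}")
echo "$result: $(describe_exposure "$result")"
```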

6 hours ago, limetech said:

This can be accomplished by saving your encryption keyfile somewhere on your USB flash boot device, maybe in 'config' directory. Then edit your 'go' file and put this just before emhttp is started:

ln -s /boot/config/keyfile /root

Edit: be sure and make a backup of your USB flash device: Main/Flash click Flash Backup to download a zip of your USB flash contents. Note that this zip file can be fed into our USB Creator tool if needed to migrate to a new USB flash device.

Thanks...this was very helpful! :)
