Encrypted array. Can it be unlocked more easily?

[Derek_]

New guy here. I don't plan to keep my brand new old-hardware unRAID server on all night, i figure i'll set it to sleep (if i can figure out how to wake it up again!).

 

My array is encrypted, but my family will want to start the server and the only way i can see to do it atm is to go to the IP address, then into the MAIN tab, then enter a password, and select 'START'. Not very family friendly.

 

It'd be great if there was a browser extension, or even just a pretty GUI for when the server is up, asking for that password. I could save a bookmark in their browser and they can go there - enter the password and click "START" (no other unnecessary information presented). Perhaps the url could be: http://192.168.1.100/Start    (random IP example).

 

I know there's an option to use a key, but saving that on the USB is not cool. Using FTP or something to have the key stored elsewhere is a bit of work, and still not great.

 

Are there any existing options? Or can i make this a feature suggestion somewhere?

 

Thanks.

[Derek_]

I've decided to lodge a feature request. It doesn't look like there's a 'nice' way to do it. So why not ask for one

 

 

 

[primeval_god]

On 11/6/2019 at 3:59 AM, Derek_ said:

New guy here. I don't plan to keep my brand new old-hardware unRAID server on all night, i figure i'll set it to sleep (if i can figure out how to wake it up again!).

 

My array is encrypted, but my family will want to start the server and the only way i can see to do it atm is to go to the IP address, then into the MAIN tab, then enter a password, and select 'START'. Not very family friendly.

I dont use array encryption myself so I am not completely sure about this, but if you have your server sleeping that wont cause the array to lock will it? I used the the S3 sleep plugin myself for quite some time (the only method of sleep i am aware of for unRAID). If i remember correctly S3/Standby leaves the array mounted and thus unlocked. 

[Dissones4U]

Sleep shouldn't be a big deal, any activity should cause the array to spin up. Regarding the encryption, is the entire array encrypted? Personally I don't use encryption with unRAID but, if I remember correctly, I think you have to encrypt each disk in its entirety rather than cherry picking directories like you might with Ext4 for example. Perhaps in the short term, assuming you can mix encrypted and non-encrypted disks, you can add a non-encrypted disk to the array and move the family content there. I know it's not ideal but it may offer a relatively easy work around.

[Derek_]

Hi guys. It did not occur to me that sleep wouldn't require the array/encryption password to unlock. So i tested it and you're right - it does not. Now to figure out how to wake up my box by WOL or something 🤔

 

My entire array is encrypted (well, parity doesn't encrypt, because it doesn't contain data per se - though i'd be interested to know how secure that is). I use encryption across the whole device because of the risk of physical theft.

 

I still like the idea of IP/Start so people can input the password to start the array without having to enter a comparatively complicated GUI but i guess its less important than i thought.

Edited November 11, 2019 by Derek_

[John_M]

On 11/11/2019 at 7:22 AM, Derek_ said:

though i'd be interested to know how secure that is

Each block of parity is calculated by logically XORing together the blocks at the same logical address from all the data disks. On its own it's meaningless. If you have only one data disk then parity is identical to the contents of that disk.