TS-509 Filesystem AES Encryption Passphrase
-
- First post
- Posts: 1
- Joined: Mon May 11, 2009 7:54 pm
Re: TS-509 Filesystem AES Encryption Passphrase
thanks for the input.. very informative..
simulation assurance vie
simulation assurance vie
-
- First post
- Posts: 1
- Joined: Fri May 22, 2009 9:33 am
-
- Starting out
- Posts: 20
- Joined: Sun Jun 21, 2009 1:06 am
- Location: Berlin & Frankfurt
- Contact:
Re: TS-509 Filesystem AES Encryption Passphrase
Hi guys,
I am a newly Qnap owner, specifically the TS-239 Pro.
As I am using the encryption feature and I am also a security guy, I started to reverse engineer the qnap encryption implementation to ensure that the security is fine.
I have no clue why they make a big secret of how it works. its actually simple.
sorry guys, this post included wrong information. please read the new post below
issue 1 - minor: A good way to generate random data is to use collect some time, mac, ip address, source port of the http connection to the web gui, etc., concatinating that and running it through SHA1-256. This is then a secure enough seeding of the random number generator which is to be used. then generate random data, but before this is used, run it again through e.g. SHA1-256. And the result of that hashing is then the key to be used.
issue 2 - major: After cryptsetup was called (or an error occured beforehand) the files are deleted ... by calling unlink(). This is bad. by debugging the filesystem or using forensic tools (e.g. coroners toolkit, autopsy/sleuthkit, etc.) it is possible to recover the files in /tmp/ and by that gain access to the encrypted filesystems!
This is a serious security issue.
And the solution so simple:
before unlinking, just do a _secure_delete(FILENAME)
and here is an example function:
void _secure_delete(char *filename) {
int fd;
char buf[128];
fd = open(filename, O_RDWR | O_SYNC);
memset(buf, 0, 128);
write(fd, buf, sizeof(buf));
fsync(fd);
close(fd);
sync()
fd = open(filename, O_RDWR | O_TRUNC | O_SYNC);
fsync(fd);
close(fd);
sync();
/* unlink(filename); // do it here or afterwards ... */
}
it just overwrites the first 128 bytes with null-bytes which is enough for this special application in a secure way.
ah, and I just coded it down from mind, so it might not compile directly for one reason or another
I am a newly Qnap owner, specifically the TS-239 Pro.
As I am using the encryption feature and I am also a security guy, I started to reverse engineer the qnap encryption implementation to ensure that the security is fine.
I have no clue why they make a big secret of how it works. its actually simple.
sorry guys, this post included wrong information. please read the new post below
issue 1 - minor: A good way to generate random data is to use collect some time, mac, ip address, source port of the http connection to the web gui, etc., concatinating that and running it through SHA1-256. This is then a secure enough seeding of the random number generator which is to be used. then generate random data, but before this is used, run it again through e.g. SHA1-256. And the result of that hashing is then the key to be used.
issue 2 - major: After cryptsetup was called (or an error occured beforehand) the files are deleted ... by calling unlink(). This is bad. by debugging the filesystem or using forensic tools (e.g. coroners toolkit, autopsy/sleuthkit, etc.) it is possible to recover the files in /tmp/ and by that gain access to the encrypted filesystems!
This is a serious security issue.
And the solution so simple:
before unlinking, just do a _secure_delete(FILENAME)
and here is an example function:
void _secure_delete(char *filename) {
int fd;
char buf[128];
fd = open(filename, O_RDWR | O_SYNC);
memset(buf, 0, 128);
write(fd, buf, sizeof(buf));
fsync(fd);
close(fd);
sync()
fd = open(filename, O_RDWR | O_TRUNC | O_SYNC);
fsync(fd);
close(fd);
sync();
/* unlink(filename); // do it here or afterwards ... */
}
it just overwrites the first 128 bytes with null-bytes which is enough for this special application in a secure way.
ah, and I just coded it down from mind, so it might not compile directly for one reason or another
Last edited by marcmarc on Thu Sep 10, 2009 5:34 pm, edited 4 times in total.
-
- First post
- Posts: 1
- Joined: Mon Jul 06, 2009 10:03 am
-
- Starting out
- Posts: 20
- Joined: Sun Jun 21, 2009 1:06 am
- Location: Berlin & Frankfurt
- Contact:
Re: TS-509 Filesystem AES Encryption Passphrase
I sent the issue of course to the customer support and got this reply:
so when the next version is out I will check the implementation again.Good day, Thank you for your suggestion for our product.
We will plan to impprove the security of the implementation in next version.
Re: TS-509 Filesystem AES Encryption Passphrase
Hi,
Thanks for your digging and suggestion for our product.
We had fixed this major problem.
And we plan to release this impprove the security of the implementation in 3.1.2 version.
B.R.
Jacky Chen.
Thanks for your digging and suggestion for our product.
We had fixed this major problem.
And we plan to release this impprove the security of the implementation in 3.1.2 version.
B.R.
Jacky Chen.
-
- New here
- Posts: 8
- Joined: Wed Sep 02, 2009 8:32 pm
Re: TS-509 Filesystem AES Encryption Passphrase
Hi,
As a new owner of a TS-239 (I'm still waiting for HD's to arrive), I was wondering if the security fix applies to the latest firmware version 3.1.1 Build0815?
I'm a bit confused about the firmware release date (2009/8/17), your post date (9/01), and "we plan to release".
Best Regards,
Henrik
As a new owner of a TS-239 (I'm still waiting for HD's to arrive), I was wondering if the security fix applies to the latest firmware version 3.1.1 Build0815?
I'm a bit confused about the firmware release date (2009/8/17), your post date (9/01), and "we plan to release".
Best Regards,
Henrik
Re: TS-509 Filesystem AES Encryption Passphrase
Hi HenrikAx,
Yes.
I think the security fix will apply to the latest firmware version 3.1.2.
Best Regards,
Jacky Chen.
Yes.
I think the security fix will apply to the latest firmware version 3.1.2.
Best Regards,
Jacky Chen.
-
- New here
- Posts: 8
- Joined: Wed Sep 02, 2009 8:32 pm
Re: TS-509 Filesystem AES Encryption Passphrase
Hi Jacky
Thanks for the clarification.
BR,
Henrik
Thanks for the clarification.
BR,
Henrik
-
- Starting out
- Posts: 20
- Joined: Sun Jun 21, 2009 1:06 am
- Location: Berlin & Frankfurt
- Contact:
Re: TS-509 Filesystem AES Encryption Passphrase
The change notes of the new image do not mention the fix.
either it was forgotten to put there (bad) or it did not make it in the new image yet (bad too).
i will check the implementation in the new image next week when I have time for it.
either it was forgotten to put there (bad) or it did not make it in the new image yet (bad too).
i will check the implementation in the new image next week when I have time for it.
-
- Starting out
- Posts: 20
- Joined: Sun Jun 21, 2009 1:06 am
- Location: Berlin & Frankfurt
- Contact:
Re: TS-509 Filesystem AES Encryption Passphrase
view here for an important update!
http://forum.qnap.com/viewtopic.php?f=11&t=18863
http://forum.qnap.com/viewtopic.php?f=11&t=18863
-
- First post
- Posts: 1
- Joined: Sat May 04, 2013 7:55 pm
Re: TS-509 Filesystem AES Encryption Passphrase
I'm going to blow some air back into this discussion.
I _HAD_ a ts-509 for many years, however i have now sold it, but i still have my drives.
4*1.5 was used for a raid5, and a 1*1.5 tb drive was single drive, which was encrypted, there was never any encryption set on the raid devices.
So i put the 4*1.5 into my linux machine, assuming i would be able to mount md0, but it asks me for the luks key!
i tried entering the key i use in the webui but it didnt work.
I compiled crypt from crypt.c (however this gives me segfault?) but it returns an output when i use the qnap key together with my own key, but i cant unlock the volume anyway.
am i ** out of luck now?.
I _HAD_ a ts-509 for many years, however i have now sold it, but i still have my drives.
4*1.5 was used for a raid5, and a 1*1.5 tb drive was single drive, which was encrypted, there was never any encryption set on the raid devices.
So i put the 4*1.5 into my linux machine, assuming i would be able to mount md0, but it asks me for the luks key!
i tried entering the key i use in the webui but it didnt work.
I compiled crypt from crypt.c (however this gives me segfault?) but it returns an output when i use the qnap key together with my own key, but i cant unlock the volume anyway.
am i ** out of luck now?.