Re: Faulty disk encryption implementation?

Posted: Thu Mar 19, 2009 4:45 pm
by petur
Jeroen1000 wrote: Does Qnap provide SSH access to the NAS? This way one who has an encryption enabled Qnap may be able to reveal what Qnap is doing. But this possibly voids warranty ...
Yes, you can even configure what port it listens on. Doesn't void the warranty. Login is admin only, unless you replace it with OpenSSH (search this forum on how to replace).

Re: Faulty disk encryption implementation?

Posted: Sun Apr 26, 2009 3:23 am
by AndyChuo
peris wrote: It seems that you use a passphrase to protect the real AES encryption/decryption key instead of allowing the user to select to input the real key directly (probably protected by an asymmetric algorithm).
Is that correct?
Yes.
If that is the case the strength of the mechanism (for confidentiality) is much much lower than it should be and below what you can create with freeNAS-type of distributions if you know what you are doing. One problem is that the asymmetric passphrase-unlock mechanism is weaker than the symmetric AES algorithm (weakest link in the chain decides the strength of the chain). But the big problem in this approach is that you might for example have added a separate backdoor passphrase that your tech support can use to unlock customer disks if we forget the passphrase. I do understand the need for such a mode of operation, but please understand that backdoors (if present) always leak (and for people that actually are interested in using encryption there is no way we can trust an implementation that allows for back-doors).
No, there's no such back door you mentioned.
So, what I'd like to see is a "high security (confidentiality)" option (checkbox in GUI) to input the AES256 key myself (from the keyboard, or by temporarily inserting a USB drive with the key in a file) the few times I do need to restart/upgrade (users of higher end models use UPS to protect from power failures). Should be really easy to implement (mostly just sidestepping the passphrase part thus avoiding weakening the mechanism).
Is this available or (when) will this be available?
Yes, we are now considering adding this option for users to input their own AES256 key themselves. Details will be announced once they are available.

See my other replies for your other concerns regarding the disk encryption feature.


Thanks

Re: Faulty disk encryption implementation?

Posted: Sun Apr 26, 2009 8:52 pm
by peris
QNAPAndy wrote:
peris wrote: So, what I'd like to see is a "high security (confidentiality)" option (checkbox in GUI) to input the AES256 key myself (from the keyboard, or by temporarily inserting a USB drive with the key in a file) the few times I do need to restart/upgrade (users of higher end models use UPS to protect from power failures). Should be really easy to implement (mostly just sidestepping the passphrase part thus avoiding weakening the mechanism).
Is this available or (when) will this be available?
Yes, we are now considering adding this option for users to input their own AES256 key themselves. Details will be announced once they are available.
Thanks for answering.
Looking forward to a "bring your own AES key" option.

You also might consider having an option to get the AES key generated, but omitting the extra key management and thus being able to manage LUKS from the command-line and avoid assurance issues.

Re: Faulty disk encryption implementation?

Posted: Sun Oct 18, 2009 11:10 am
by Korrel
Important new information can be found here:

http://forum.qnap.com/viewtopic.php?f=11&t=18863