OneCD wrote: Agreed. I'm not a security professional, so I welcome any feedback from those who are.
Me neither, but I've been interested in IT security topics for some time. Unfortunately one needs to be a mathematical algorithm wizard to be able to assess encryption security.
OneCD wrote: My intention here was to contain the unlock password in a secure environment (within the NAS) instead of keeping it out in the open (on a USB stick).
The DOM is no such environment. Technically it is an internally attached USB flash drive.
What you need here is special hardware for this. Something like Wikipedia (en): Trusted Platform Module
TPM is implemented using dedicated secured hardware on the mainboard. From what I've read, it is frowned upon by the open source/open hardware community for being a proprietary and inaccessible gatekeeper on mainboards that prevents e.g. Linux systems from booting from it.
OneCD wrote: It was only to prevent the average person copying the USB stick (and associated identifier).
There is tons of simple disk imaging software out there. In fact any backup software is capable of copying such sticks with 3 simple buttons: "Select Source", "Select Target", "Go".
Someone trying to break into your server definitely won't use Windows Explorer or the macOS one to copy your decryption flash drive.
Imho: Not worth implementing without dedicated hardware, like special USB dongles.