Encryption - automatic unlock?

  • hello,


    Just got a couple of Odroid HC2 on which I am installing OMV v4, and I'm looking for assistance regarding drive encryption. I came across the LUKS plugin, but it does not seem to be able to unlock the drive automatically upon boot. Not sure why that is, I'm sure there's a reason, but I need that functionality nonetheless.


    If not LUKS, which I planned to use on an ext4 partition, are there any other ways..?


    Thanks!

  • Google: "luks encryption automatically unlock"

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    • Official post

    An encryption scheme where the encryption is automatically unlocked during reboot seems pretty useless to me. Why even bother?


    I would assume that the point is to deny unauthorized access to the data in case of theft? Or at least guarantee that the data is unavailable after any form of power cycling?

  • hello,


    The idea is to prevent access to personal information in case of a theft. Even if the drive is automatically unlocked, you would still need to log in to the NAS to get access to the files, right? And if the drive is removed from the case, it would be encrypted. So I will look into crypttab for this purpose, thanks for the pointer.


    But perhaps I need to learn how others are dealing with drive encryption, as there might be an easier way for my use case.


    I am planning to access the NAS from remote locations via FTP - but maybe I can use another method, which could allow me to run a script remotely to unlock and mount the drive only when needed? I need this to be "wife" ready, so automation is key.


    thanks!

  • hi boombuia,
    I've planned something similar to you, but I have never implemented it... I found this article a while ago, maybe it helps.
    You should rethink your idea to use FTP for remote file access. It's a very unsafe, old protocol.
    I'm using Nextcloud (Docker) to access and share my files to various clients and I'm pretty happy with it. But maybe that's another use case.


    p.parker

    Odroid HC1 | WD Blue 1TB SSD | OMV 5.6.26-1 (Usul) | 4.14.222-odroidxu4

  • VeraCrypt.... :/

  • The idea is to prevent access to personal information in case of a theft. Even if the drive is automatically unlocked, you would still need to log in to the NAS to get access to the files, right? And if the drive is removed from the case, it would be encrypted.

    With access to the hardware, it takes <15 minutes to change the root password.
    And then the key is stored and all data available to the thief.


    Greetings,
    Hendrik

    • Official post

    The root drive isn't encrypted; if the keys are stored there, it is just a matter of reading the crypttab to know where they are. What makes you think they are going to boot the actual OS? Any educated tech user would just plug the root HDD into another station to see what they are dealing with.
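
Added example, not part of the thread or any poster's code: a small Python audit of crypttab contents that reports which volumes unlock unattended from a key file stored on disk, the situation the post above describes. The sample entries, paths and `<uuid-...>` placeholders are constructed, and the `keyscript=` handling assumes the Debian crypttab option of that name.

```python
# Added example: classify how each crypttab entry obtains its key at boot.
# Constructed sample; target names, paths and UUID placeholders are hypothetical.
SAMPLE_CRYPTTAB = """\
# <target> <source device> <key file> <options>
data   UUID=<uuid-of-data-disk>    /root/keys/data.key   luks,nofail
backup UUID=<uuid-of-backup-disk>  none                  luks,noauto
swap   /dev/sda3                   /dev/urandom          swap,cipher=aes-xts-plain64
media  /dev/sdb1                   -
"""

RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}


def parse_crypttab(text):
    """Yield (target, source, keyfile, options) for each non-comment entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an entry needs at least target and source
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        yield fields[0], fields[1], keyfile, options


def classify(keyfile, options):
    """Return how the volume gets its key."""
    if any(opt.startswith("keyscript=") for opt in options):
        return "keyscript"        # key produced by a script; review that script
    if keyfile in ("none", "-"):
        return "prompt"           # passphrase entered by a person at unlock time
    if keyfile in RANDOM_SOURCES:
        return "random"           # throwaway key, typical for swap
    return "keyfile-on-disk"      # unlocks unattended; key sits on the OS disk


def audit(text):
    """Return {target: classification} for the given crypttab contents."""
    return {t: classify(k, o) for t, _s, k, o in parse_crypttab(text)}


if __name__ == "__main__":
    for target, kind in audit(SAMPLE_CRYPTTAB).items():
        flag = "  <-- key stored beside the OS" if kind == "keyfile-on-disk" else ""
        print(f"{target:8} {kind}{flag}")
```

To check a real system, pass the contents of `/etc/crypttab` to `audit()` instead of the sample string.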

  • Thank you all for the responses and suggestions. I am simply trying to protect my personal data and pictures from an opportunistic theft - I know it won't be protected from a hacker or anyone with the intention of stealing it, but crypttab with a keyfile on the root drive serves the purpose.

  • Are you sure? Is the only threat model the physical theft of a data disk? What about online penetration?
    I would be more concerned with online threats than with physical theft, although you should protect yourself against this.


    Everything comes down to the question of what data, and how and when it must be available. Does it need to be decrypted on the NAS? Can you transfer this vector to the user's destination machine?
    If the data does not have to be directly available on the NAS, I would personally consider an encrypted container, which remains encrypted on the NAS at all times. No matter whether the threat is physical or online, the data is always encrypted. And the entire decryption process takes place only on the user's target machine. In this way, you eliminate the consequences of online penetration and data leakage, which disk encryption does not protect against.
    Since you are afraid of data leakage through physical theft, you should be even more afraid of an online leak that is more likely to occur.
    On the NAS: the encrypted VeraCrypt container, which you mount on your machine via SMB/NFS. In this way, the only place of data leakage when it is decrypted is the user's machine. This limits the attack vectors and the amount of time the data is exposed to leakage.


    imho
