Info Synology NAS Encryption: Forensic Analysis of Synology NAS Devices by Elcomsoft

Currently reading
Info Synology NAS Encryption: Forensic Analysis of Synology NAS Devices by Elcomsoft

8
4
NAS
DS218
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
  2. iOS
I would say the "j" series are perfect for many home users who just need a "data grave". By the way, encryption speeds are horrible at least on DS216j, with about 85 MB/s reads (acceptable) and only 35 MB/s writes (way too slow, extremely poor implementation even for this low-end and dated hardware).
 

jeyare

Subscriber
2,486
833
NAS
Synology, TrueNAS
Operating system
  1. Linux
  2. Windows
@fredbert
Yeap, from behaviour science you need prepare low cost and high-ends to be ready for golden middle way orders :)
 

jeyare

Subscriber
2,486
833
NAS
Synology, TrueNAS
Operating system
  1. Linux
  2. Windows
Or purchasing of the low-end NASes based on an assumption makes more traumatic experiences.
... assumption is the mother of all F*** ups!
reason why we are here
 
3
0
I need a bit of a research on this (and I have that planned). From what I've seen, the encryption key stored on a USB device is wrapped with a user-provided passphrase. That's fine; in an ideal world, this would mean that one would need all three of (hard drive), (USB stick) and (user-provided wrapping passphrase) in order to unlock the encrypted folder.

However, from what I've seen, DSM allows automatically mounting encrypted folders on boot even if you store the encryption key on a USB stick and enter your own wrapping passphrase. This, in turn, would mean that the wrapping passphrase (not just the hash but the actual passphrase) is stored somewhere on the HDD; otherwise, DSM would be unable to mount such folders automatically on boot.

Whether or not the wrapping passphrase is stored on the HDD if you are NOT using the "automatically mount" feature is subject to future research. Technically, it shouldn't be there, but I wouldn't place my bets on it.
Hi Oleg. I've just read this thread and I'm wondering whether you've completed the research that you mentioned above?
 
Dear all,

Sorry for digging this old thread, but apparently there was still an encryption master password at least in DSM 7.0
Could you point out to me the corresponding CVE ID number to monitor this thread and ask Synology to display it publicly.
Is there still a master password in DSM 7.1?

Kind regards,
Amenotis
 
All known CVE about Synology are there:

If a vulnerability is not described as a CVE it does exist for Synology.

Could someone point out to me the CVE ID about this threat?
 
29
6
NAS
DS1513+
Operating system
  1. macOS
Mobile operating system
  1. iOS
Hi very interesting topic, thanks for resurrecting it 😄.

I was wondering how encryption (stored on usb key) is supposed to work on a Synology SHA cluster ?
Does both nodes needs to have the usb key mounted ? Only the active server ? How to switch from active to passive ?

I haven’t found many documentation on this.
 

Telos

Subscriber
2,839
898
NAS
DS418play, DS213j, DS3622+, DSM 7.2.4-11091
7.2 comes with volume encryption (in addition to folder-based encryption). Finally.
Wait and see... Is the OS partition encrypted? What about swap? What about performance? Will it only work with Synology HAT drives?

Synology always comes up short... I'll wait and see.
 
5
0
NAS
DS920+ planned
Operating system
  1. Windows
Mobile operating system
  1. Android
Probably not, but do any NAS providers offer volume encryption with OS encryption?
Volume encryption usually slow down performance some, but usually not by much. Volume encryption is a lot better when it comes to performance than than folder based encryption. Its also more secure since it also protects metadata on the volume. Those users who want that extra layer of security can use volume encryption for the entire volume and in addition use folder based encryption for extra sensitive files.
I think thats the same protection you'll get on a QNAP.
 

Telos

Subscriber
2,839
898
NAS
DS418play, DS213j, DS3622+, DSM 7.2.4-11091
Probably not, but do any NAS providers offer volume encryption with OS encryption?
This is availble on most prominent Linux distros, and partial encryption is only of partial value nowadays.
also more secure since it also protects metadata on the volume
You may be suprised at the level of metadata residing outside the data volume.
I think thats the same protection you'll get on a QNAP.
If QNAP is our standard, we are in grave circumstances 🤣
 
5
0
NAS
DS920+ planned
Operating system
  1. Windows
Mobile operating system
  1. Android
This is availble on most prominent Linux distros, and partial encryption is only of partial value nowadays.

You may be suprised at the level of metadata residing outside the data volume.

If QNAP is our standard, we are in grave circumstances 🤣
I agree that full encryption of also the OS would be better, but for those looking for a non-custom NAS solution like QNAP or Synology, I'm guessing thats not something that exists.

QNAP is shit, but they have provided volume protection for years. It's a shame that Synology is so slow to offer this.

I agree that they could do more, but by offering volume protection on 7.2 I think theyre heading in the right direction.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

From a quick Google search I've deducted that they are the following keys: Y-237 is YubiKey 5 NFC & Y-255...
Replies
2
Views
2,006
It's a VM running on ESXi. 1644083540 Good point. I could indeed use the Geo-IP settings on the OPNsense...
Replies
4
Views
1,675
Hello guys, I am sorry for my late response, but I was travelling due to work duties. Hello Rusty, I...
Replies
4
Views
319
Not sure how this post went under my radar, but thanks for sharing your solution with the members.
Replies
3
Views
715
If you disable your nas firewall, then it’s opened up to everything and anything, because you have no...
Replies
24
Views
1,400
  • Locked
  • Question
https://www.synoforum.com/threads/synology-nas-encryption-forensic-analysis-of-synology-nas-devices-by-elco...
Replies
1
Views
704
  • Question
Thank you! That works and never saw the option. Thank you.
Replies
2
Views
1,200

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top