N_i_c_k
Jan 26, 2020 (Aspirant)
Unlocking encrypted RAID with USB disk
Hello, Apologies if this has been answered before. I couldn't find it here, nor is it mentioned in the manual: - What filesystem does the USB drive need to be? MS-DOS FAT / FAT32 surely doesn't...
StephenB
Jan 26, 2020 (Guru - Experienced User)
FWIW, I agree with Sandshark on the need for backup.
Do you know what caused the old USB disk to fail? If there was a power failure that damaged the disk, then it is possible that the failure also caused issues with the RAID array.
You could also try paid NETGEAR support (perhaps per-incident support) via my.netgear.com. If the key is correct and the RAID array isn't corrupted, they should be able to get the volume mounted. If the volume is corrupted, you'd need data recovery (and if the key file is wrong, then the data is unfortunately lost).
N_i_c_k
Jan 27, 2020 (Aspirant)
First of all, thanks to StephenB and Sandshark for the help and to Marc_V for replying to the other topic.
Sandshark I agree with you and the IT saying, but it's not really what I'd reply to an angry customer with ~30 GB of their client's data at stake.
StephenB The "old" USB disk was not gone, they just decided to "use it for something else". While I'd facepalm on that, I also agree that using a 3 TB external HDD just for the purpose of storing a 2,732-byte encrypted key is not an optimal solution.
They had the encryption key copied from the USB disk, after it was created. They also had the e-mail sent from the NAS including the key (this is automatically sent after the encrypted volume is created). They were identical.
For what it's worth - I have also managed to recover the key from the external HDD. They had already repartitioned it but hadn't really written any data on it, so it was an easy task. It was identical to the ones above.
I'm guessing all of that could have been avoided by testing if the NAS could boot with the key on a new flash disk BEFORE using the current media for anything else. Oh well...
So what I did is:
1. I attached the flash disk to a server running Gentoo.
2. I zeroed the whole disk, first to last sector.
3. I created a single partition and formatted it as ext3.
4. I used dd to copy the file to the USB disk, as opposed to cp before.
Then it suddenly worked.
Compared to what I had done before, the differences were points 2 and 4.
It didn't make any sense, but it worked, so as soon as the volume was unlocked and we were able to start copying data out of it, I ran out of there and started drinking ¯\_(ツ)_/¯
I'm meeting them later today. I don't know what their plan for the ReadyNAS is, but unless they plan to store the details about Ocean's 11's next hit, I will strongly **bleep** against using an encrypted volume. It's just not worth the potential headaches...
Anyway, thanks again.
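Added example, not part of the original thread and not NETGEAR tooling: a small POSIX shell check for the lesson in the post above, that every copy of the key file (old USB disk, e-mail, new flash disk) should be confirmed identical before the original media is reused. The function names and file names are hypothetical, the key is a constructed 2,732-byte random stand-in, and `sha256sum` is assumed to be installed. It only compares files; it does not test whether the NAS accepts the new media.

```shell
#!/bin/sh
# Added example: confirm every copy of a volume key file is identical before
# the original key media is reused. All names below are hypothetical.

# key_digest FILE -> prints "<size-in-bytes> <sha256>"
key_digest() {
    [ -r "$1" ] || return 2
    printf '%s %s\n' "$(wc -c < "$1" | tr -d ' ')" "$(sha256sum "$1" | cut -d' ' -f1)"
}

# verify_key_copies REFERENCE COPY... -> 0 only if every copy matches REFERENCE
verify_key_copies() {
    ref=$1; shift
    ref_digest=$(key_digest "$ref") || return 2
    rc=0
    for copy in "$@"; do
        if [ "$(key_digest "$copy")" = "$ref_digest" ]; then
            echo "OK        $copy"
        else
            echo "MISMATCH  $copy"   # also covers missing or unreadable copies
            rc=1
        fi
    done
    return $rc
}

# write_key_verified SRC DEST -> copy with dd, flush, then compare with SRC.
# The read-back can be served from the page cache; unplug and re-plug the
# drive and run verify_key_copies again for a check against the media itself.
write_key_verified() {
    dd if="$1" of="$2" bs=4096 2>/dev/null || return 2
    sync
    verify_key_copies "$1" "$2" >/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 2
    head -c 2732 /dev/urandom > "$tmp/usb.key"          # constructed stand-in key
    cp "$tmp/usb.key" "$tmp/email.key"                  # e.g. copy from the NAS e-mail
    head -c 2700 "$tmp/usb.key" > "$tmp/truncated.key"  # deliberately damaged copy
    write_key_verified "$tmp/usb.key" "$tmp/newstick.key" && echo "new media verified"
    verify_key_copies "$tmp/usb.key" "$tmp/email.key" "$tmp/truncated.key"
    status=$?
    rm -rf "$tmp"
    return $status
}

demo || echo "at least one copy differs from the reference"
```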
- Sandshark, Jan 27, 2020 (Sensei)
If the USB key is left installed all the time, there is very little being accomplished. A thief will just steal both. About the only use it has is that if the drive fails, it makes data recovery impossible. But one has to weigh whether anybody would expect the data to be valuable enough to attempt the complex process of recovering it from a failed drive. And there are always the bonfire, drill, and sledge hammer methods of protection.
- StephenB, Jan 27, 2020 (Guru - Experienced User)
N_i_c_k wrote:
So what I did is:
1. I attached the flash disk to a server running Gentoo.
2. I zeroed the whole disk, first to last sector.
3. I created a single partition and formatted it as ext3.
4. I used dd to copy the file to the USB disk, as opposed to cp before.
Then it suddenly worked.
Compared to what I had done before, the differences were points 2 and 4.
It didn't make any sense, but it worked, so as soon as the volume was unlocked and we were able to start copying data out of it, I ran out of there and started drinking ¯\_(ツ)_/¯
I agree that (2) and (4) shouldn't have mattered, but the good news is that the customer is up and running again.
N_i_c_k wrote:
I will strongly **bleep** against using an encrypted volume. It's just not worth the potential headaches...
I totally agree. The threat it protects against is quite narrow, and the need to physically secure the key complicates operations and remote management. They'd be better off finding a way to physically secure the NAS.