NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS encryption implementation
Hi there, I was wondering what kind of encryption the ReadyNAS use? is it Luks? What is the performance impact expected on an old Pro 6 running a E6600 and 4GB of RAM? Thanks Tony
tony359 wrote:
I was wondering what kind of encryption the ReadyNAS use? is it Luks?
Yes, LUKS
tony359 wrote:
What is the performance impact expected on an old Pro 6 running a E6600 and 4GB of RAM?
I don't know, as I don't use volume encryption.
One big limitation is that once encrypted is you
- won't be able to vertically expand the volume.
- won't be able to expand horizontally useing bigger disks
FWIW, I also don't see much of a security benefit. My NAS on power schedules (including my Pro 6) would need the USB key to be in them all the time. While I could remove the key from the main NAS after every boot, I'd still need to keep it nearby.
No expansion? Then no thanks! :)
Thank you for mentioning that.
My NAS is on 24/7 so the USB key is only needed every now and then. But I see your point, if I have a power cut when I am away or I need to reboot remotely...
The USB drive can be unmarked, in a drawer along with many others. Yes, it's not 100% secure but if Arsenio Lupin steals my NAS, find the unmarked key and realises how to use it, then I am ok with them reading my bank statements! :D
Thanks again for your help as usual Stephen!
tony359 wrote:
No expansion? Then no thanks! :)
Very limited expansion. You can apparently add another drive of the same size to an empty bay, but that is it.
tony359 wrote:
The USB drive can be unmarked, in a drawer along with many others.
True (but if you use volume encryption, you need to make sure you have more than one copy of the key!). I'm not saying there is no security benefit, just that I don't think the benefit is worth the downsides.
There are a couple of other approaches to creating encrypted storage on the NAS. I believe that Sandshark uses VeraCrypt.
Yes, I have a Veracrypt "volume" on my NAS. As the NAS sees it, it's just a big file. I run Veracrypt on the PC that is using the "volume" that Veracrypt mounts. Here are some pointers:
Unfortunately, it does mean only one device can access the "volume" at a time.
Turn off Strict Sync for the share containing the file, or writes will be extremely slow.
If you are transferring a large quantity of smaller files (like a lot of photos), be careful, especially if the file starts to get really large (>500MB). I have seen the brtfs-transaction process (as viewed from ssh) reach 100& and then "lock up" the Veracrypt volume. Some of the files transferred to that point will be corrupt, and no more files can be transferred. I ran a lot of tests once I saw it happen, and never saw existing files corrupted, but I can't say it won't happen. Best bet is to transfer files in smaller (<100) groups. I suspect keeping strict sync enabled eliminates this problem, if you can stand the slowdown (or, more precisely, that turning it off creates the potential for the problem).
If you write to the file often, it is fairly large, and you do backups with snapshots to another ReadyNAS, then use ReadyDR, not a file-based backup. The amount of space and time this saves can be huge.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
