Data protection, privacy and compliance with standards for safe information storage are things almost every manufacturer of storage media works on. And while in the corporate segment things are more or less fine, the advertising slogan "secure AES-256 encryption" on drives aimed at the home user should definitely not be taken at face value.
This article opens a large new topic: data encryption on external drives and network attached storage. Frankly weak security implementations, leaky key storage schemes, random number generators that return one of 255 values baked into the firmware: these are the least of what we ran into during the study. Let's start with perhaps the most popular brand of network attached storage, the models made by Synology.
Encryption in network attached storage (NAS)
Competition among manufacturers of network storage for home users and offices is fierce. There are Western Digital models that lure buyers with a zero or even negative price premium (a NAS with an integrated disk costs less than the same disk bought separately); the recognised heavyweights QNAP and Synology, which win on powerful software and long-term support; Asustor and Drobo, with varying success; and even, exotic for us, TerraMaster and Thecus. Most models from these manufacturers offer encryption to protect user data.
Encryption in Synology
Without exception, all Synology NAS devices use the same algorithm: AES with a 256-bit key. The choice is logical: most modern chipsets have hardware AES acceleration, or at least the instruction set extensions the algorithm can use. However, the real security of data encrypted this way differs dramatically depending on the implementation.
Almost all NAS devices that offer encryption at all use either whole-drive protection (SED, Self-Encrypting Drive: hardware encryption at the level of the SATA controller) or encryption of a volume located on a single disk or on a RAID array. In some models (for example, QNAP) both methods can be enabled at once, which averts some obvious attacks.
In Synology models designed for server racks, hardware SED encryption can also be enabled. Most home and office models, however, lack that option. Instead, Synology offers file-level encryption of individual shared folders.
Encryption is implemented with the standard Linux stacked file system eCryptFS (which you can read about, for example, here or here). Compared to methods that protect entire volumes, such per-file encryption has both advantages and disadvantages.
On the plus side:
- Since individual shared folders are encrypted, it makes no difference which internal physical or logical drive they reside on.
- Each user can encrypt their folder with their own password, which isolates users from one another.
- The standard implementation lets you simply copy the encrypted folder, for example to another drive, and the data stays securely encrypted. At the same time, such a folder can easily be mounted and decrypted with standard tools on any Linux computer.
- Both the contents and the names of folders and files are encrypted.
If per-file encryption has so many advantages, why do all the other manufacturers prefer to encrypt entire volumes? Unfortunately, the drawbacks of eCryptFS can seriously constrain encryption or even make it impossible to use.
The first and most annoying limitation of eCryptFS is file name length. A file name in an encrypted folder cannot exceed 143 ASCII characters, or 47 characters in a CJK script such as Chinese or Japanese (the limit applies to the encoded byte length, and those characters take three bytes each in UTF-8).
The next limitation bears directly on the security of the encrypted data, and it is more than serious. In its eCryptFS implementation, Synology's developers did not provide something as basic as separating the Media Encryption Key (MEK) from the Key Encryption Key (KEK). As a result, the password the user sets when creating the encrypted folder also serves as the data encryption key, the MEK. Add to that the fact that the entropy of a password chosen by a home user or office worker is usually far less than 256 bits, and a very fast and effective attack becomes possible.
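As an added example (not from the article and not Synology's code), a small Go check for this limit before a share is moved into an encrypted folder. It assumes the 143-character figure is really a limit on the UTF-8 byte length of each path component, which is what makes 143 ASCII or 47 three-byte CJK characters the maximum, and it scans constructed sample paths for names an encrypted shared folder would reject.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// MaxEncryptedNameBytes is the limit the article gives for eCryptFS-backed
// folders: 143 ASCII characters. Assumption for this example: the limit is
// enforced on the UTF-8 byte length, so 47 three-byte CJK characters (141
// bytes) fit while 48 (144 bytes) do not, matching the article's two figures.
const MaxEncryptedNameBytes = 143

// FitsEncryptedFolder reports whether a single path component can be stored
// in an encrypted shared folder.
func FitsEncryptedFolder(name string) bool {
	return len(name) <= MaxEncryptedNameBytes
}

// MaxChars returns how many characters of a given UTF-8 width fit under the
// limit: 1 byte for ASCII, 2 for Cyrillic or Greek, 3 for most CJK, 4 for emoji.
func MaxChars(bytesPerChar int) int {
	return MaxEncryptedNameBytes / bytesPerChar
}

// TooLongNames returns every path component that would be rejected, so a
// share can be checked before it is copied into an encrypted folder.
func TooLongNames(paths []string) []string {
	var bad []string
	for _, p := range paths {
		for _, comp := range strings.Split(p, "/") {
			if comp != "" && !FitsEncryptedFolder(comp) {
				bad = append(bad, comp)
			}
		}
	}
	return bad
}

func main() {
	// Constructed sample paths, not taken from any real share.
	samples := []string{
		"reports/" + strings.Repeat("a", 143) + ".txt", // 147 bytes: too long
		"reports/" + strings.Repeat("a", 143),          // exactly 143: fits
		"docs/" + strings.Repeat("漢", 47),               // 141 bytes: fits
		"docs/" + strings.Repeat("漢", 48),               // 144 bytes: too long
		"docs/" + strings.Repeat("я", 72),                // 144 bytes: too long
	}
	for _, n := range TooLongNames(samples) {
		fmt.Printf("rejected: %d bytes, %d characters\n", len(n), utf8.RuneCountInString(n))
	}
}
```

Note that the check is per path component, not per full path: eCryptFS encrypts each directory and file name separately, so a deep path of short names is fine while a single long name anywhere in it is not.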
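To make the MEK/KEK point concrete, here is an added example in Go; it is not Synology's code and not from the article. It contrasts a stand-in for the scheme described above (the data key is a direct function of the password, taken here as SHA-256 of it, which is an assumption since the page does not give the exact derivation) with the separated design: a random 256-bit MEK protects the data, a KEK derived from the password with PBKDF2-HMAC-SHA256 wraps the MEK with AES-256-GCM, and a dictionary attack then pays the full KDF cost for every guess. The function names, the wordlist, the sample data and the iteration count are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newGCM builds an AES-256-GCM AEAD; every key in this example is 32 bytes, so NewCipher cannot fail.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// gcmSeal encrypts plaintext; the result is nonce || ciphertext || tag.
func gcmSeal(key, plaintext []byte) []byte {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand: a fresh nonce per call
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// gcmOpen reverses gcmSeal; the GCM tag check rejects a wrong key.
func gcmOpen(key, blob []byte) ([]byte, error) {
	gcm := newGCM(key)
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// WeakKey stands in for the criticised scheme: key = unsalted, unstretched SHA-256(password) (an assumption).
func WeakKey(password string) []byte {
	k := sha256.Sum256([]byte(password))
	return k[:]
}

// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 (RFC 8018) for a 32-byte key, so only block index 1 is needed.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1})
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// Header is what a MEK/KEK design stores beside the data: salt, KDF cost and the wrapped MEK.
type Header struct {
	Salt       []byte
	Iterations int
	WrappedMEK []byte
}

// Wrap encrypts the MEK under a password-derived KEK with a fresh salt; a password change re-wraps the same MEK.
func Wrap(password string, iterations int, mek []byte) Header {
	salt := make([]byte, 16)
	rand.Read(salt)
	return Header{salt, iterations, gcmSeal(pbkdf2SHA256([]byte(password), salt, iterations), mek)}
}

// Unlock recovers the MEK; a wrong password fails the tag check only after the full KDF cost is paid.
func Unlock(password string, h Header) ([]byte, error) {
	return gcmOpen(pbkdf2SHA256([]byte(password), h.Salt, h.Iterations), h.WrappedMEK)
}

// Guess runs a dictionary attack and returns the hit plus the number of candidates tried.
func Guess(dict []string, try func(string) bool) (string, int) {
	for i, p := range dict {
		if try(p) {
			return p, i + 1
		}
	}
	return "", len(dict)
}

func main() {
	dict := []string{"password", "123456", "qwerty", "summer2019", "letmein"} // constructed wordlist
	data := []byte("quarterly-report.xlsx contents")                          // constructed data
	weak := gcmSeal(WeakKey("summer2019"), data)
	p, n := Guess(dict, func(c string) bool { _, err := gcmOpen(WeakKey(c), weak); return err == nil })
	fmt.Printf("password as key: %q after %d guesses = %d hashes\n", p, n, n)
	mek := make([]byte, 32)
	rand.Read(mek)
	hdr := Wrap("summer2019", 20000, mek)
	p, n = Guess(dict, func(c string) bool { _, err := Unlock(c, hdr); return err == nil })
	fmt.Printf("MEK/KEK: %q after %d guesses = %d HMAC calls\n", p, n, n*hdr.Iterations)
}
```

Two things the separated design buys that the password-as-key scheme cannot: the attacker's work per guess is set by the iteration count (and a memory-hard KDF such as scrypt or Argon2 would raise it further), and the password can be changed or several passwords can unlock the same folder by re-wrapping the MEK, with no need to re-encrypt the data itself.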
The rest of the article is available only to members of the Xakep.ru community. Materials from the latest issues become freely available only two months after publication.