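How does the encryption on QNAP work?

Every volume in a QNAP storage pool has a lock function, right?

Looking at the official site, it's really just an AES encryption feature
https://docs.qnap.com/nas-outdat ... ted_file_system.htm

But I don't really understand how it works, because I tried cutting the power directly without giving it a chance to lock, and after booting up it was still locked. If I'm running my own Linux, can I also get this kind of ultra-fast hard disk lock effect?

Even stranger, on my NAS even the system volume is encrypted, yet after boot, while it is still not unlocked, I can still get into QTS, and I can still see files when I log in over ssh.
So what exactly does this so-called lock actually lock?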

Behavior of Encrypted Volumes upon System Reboot

In this example, we have two encrypted disk volumes on the NAS.
• The first volume (Single Disk Drive 1) has been created with the option "Save Encryption Key" disabled.
• The second volume (Single Disk Drive 4) has been created with the option "Save Encryption Key" enabled.

After restarting the NAS, check the volume status. The first drive has been unlocked and mounted but the second drive is locked. Since the encryption key is not saved on the second disk volume, you have to manually enter the encryption password to unlock it.
• Saving the key on the NAS will protect you only if your hard drives are stolen. However, there is a risk of data breach if the entire NAS is stolen as the data is accessible after restarting the NAS.
• If you do not save the encryption key on the NAS, your NAS will be protected against data breach even if the entire NAS were stolen. The disadvantage is that you have to unlock the disk volume manually on each system restart.


That passage actually doesn't explain anything...


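I don't really understand how it works, because I tried cutting the power directly without giving it a chance to lock, and after booting up it was still locked
3ldk posted on 2021-9-7 05:33 PM

TL;DR:
It isn't an unlock, it's a mount.
Imagine a physical lock: once you unlock it, you have to lock it again after use for it to be secure.
But once you have mounted a network drive/encrypted partition, a disconnect, a normal shutdown, a power-loss shutdown, or a user request can all result in an unmount. (That is where the "ultra-fast hard disk lock" effect the original poster mentioned comes from; it is actually an unmount.)
After an unmount, it is only when you mount it again that you have to re-enter the userpass/key.

The serious answer:
As far as I know, there are really only 2 ways to view encrypted data again.
The first way is to decrypt it permanently;
the second way is to mount the encrypted folder/partition.

OP, what you are using is the second way. With this method, when the user wants to read something, the encrypted data is read from the HDD/SSD, decrypted on the fly and then shown to the user; the write process is the reverse.

Once the user has encrypted a partition, no plaintext data exists on that partition. If the user has not handed the decryption key to another person/machine, the user must personally enter the decryption key to mount the data again.

So why does veracrypt use the word "mount" rather than "unlock"? Because this action really involves no unlocking at all. But a NAS is a product aimed at home users; would anyone understand if it didn't say "unlock"?…

There is a member in the Storage & Burning section who knows encryption fairly well; you may want to keep an eye out for him.

(If anything is wrong, please correct me. Other members are welcome to fill in the rest.)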


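As for the so-called lock, just think of it as encryption.
After boot you type the password once; what that really does is save the key in RAM, and after that every read or write of any data uses that key.
When the power is cut the RAM is of course wiped, so naturally you have to type the password again.

To do the same on linux: veracrypt, as a member mentioned above (actually veracrypt works on windows too)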
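
The behaviour described in the two replies above (data decrypted on the fly at read time, key held only in RAM after the password is entered), as an added example that is not part of the original thread. It is a toy Python model: the class `ToyEncryptedVolume`, its method names and the 32-byte sector size are assumptions, and an HMAC-SHA256 keystream stands in for AES.

```python
import hashlib, hmac, os

SECTOR = 32  # toy sector size in bytes (constructed for this demo)

def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a 256-bit volume key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def _crypt(key: bytes, sector_no: int, data: bytes) -> bytes:
    """XOR with a per-sector HMAC-SHA256 keystream. Toy stand-in for AES:
    it reuses the keystream on rewrite, so never use it for real data."""
    stream = hmac.new(key, sector_no.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class ToyEncryptedVolume:
    def __init__(self, passphrase: str, sectors: int = 4):
        # Persistent state ("the disk"): salt, passphrase verifier, ciphertext.
        self.salt = os.urandom(16)
        key = derive_key(passphrase, self.salt)
        self.verifier = hmac.new(key, b"verify", hashlib.sha256).digest()
        self.disk = bytearray(sectors * SECTOR)
        # Volatile state ("RAM"): the key exists only while the volume is mounted.
        self.key = None

    def unlock(self, passphrase: str) -> bool:
        key = derive_key(passphrase, self.salt)
        tag = hmac.new(key, b"verify", hashlib.sha256).digest()
        ok = hmac.compare_digest(tag, self.verifier)
        if ok:
            self.key = key
        return ok

    def power_loss(self) -> None:
        self.key = None  # RAM is gone; nothing on the disk has to change

    def _slot(self, n: int) -> slice:
        if self.key is None:
            raise PermissionError("volume is locked")
        return slice(n * SECTOR, (n + 1) * SECTOR)

    def write(self, n: int, plaintext: bytes) -> None:
        s = self._slot(n)
        self.disk[s] = _crypt(self.key, n, plaintext.ljust(SECTOR, b"\0")[:SECTOR])

    def read(self, n: int) -> bytes:
        s = self._slot(n)
        return _crypt(self.key, n, bytes(self.disk[s])).rstrip(b"\0")
```

The disk contents are identical before and after `power_loss()`; only the in-memory key disappears, which is why no "locking" step has to run when the power is cut.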


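After reading the answers I realised I had left something out of the question:
when you press unlock and enter the password, you have to wait a good ten-plus minutes before the disk is ready.

If the so-called unlock just saves the password and mounts the partition, and only decrypts in real time when data is read, then it should take only a few seconds to complete.
So where did the NAS spend those ten-plus minutes?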


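After reading the answers I realised I had left something out of the question:
when you press unlock and enter the password, you have to wait a good ten-plus minutes before the disk is ready.
...
3ldk posted on 2021-9-15 15:08

https://forum.qnap.com/viewtopic.php?t=118954
People there say that after unlock it shuts down all services (presumably meaning it restarts all services, which is almost equivalent to a reboot)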
