DSM-G600, DNS-3xx and NSA-220 Hack Forum

There also seems to be a compiled truecrypt  kernel module for the DNS-323, however couldn't get it to work.

Truecrypt would be - great - to get working on the 323, and look forward to anyone's comments on how this could be done..

Thought I don't have time myself, might I recommend the notes @ http://www.howtoforge.com/truecrypt_data_encryption . Perhaps someone could go through the notes, and create a module for us to use on the 323.. ?

Last edited by rguerra (2007-07-07 16:43:44)

Have a look here: http://dns323.kood.org/forum/t720-Compi … NS323.html
Also, it seems you need to compile and install quite a few packages:
libgpg-error-1.5
libgcrypt-1.2.4
popt-1.10.4
device-mapper-1.02.20
cryptsetup-1.0.5

But I think it's doable.

Indeed, I am using TrueCrypt to create an encrypted drive image which is stored on the DNS-323 (Raid 1). I just run the TrueCrypt software from my workstation which is running WINXP-PRO to create the encrypted drive image stored on the DNS-323 and mount it. Works perfectly and solved all the problems I had previously with file names that that had special characters or multi lingual etc.

aahorn wrote:

Indeed, I am using TrueCrypt to create an encrypted drive image which is stored on the DNS-323 (Raid 1). I just run the TrueCrypt software from my workstation which is running WINXP-PRO to create the encrypted drive image stored on the DNS-323 and mount it. Works perfectly and solved all the problems I had previously with file names that that had special characters or multi lingual etc.

Hello aahorn, could you say a bit more about how you are doing this? I'm very interested.

Do you create a large 100GB, or 250GB, or 500GB container file and then open that up with TrueCrypt? That would seem like it might not be efficient because to create an empty file of even 100GB filled with random data can take a very, very long time. I don't know of a way to just mount the device, but perhaps that is possible?

Thank you

i'd rather use a kernel module on the DNS 323, that way software does not need to be used on the client machine. One would just connect via samba, and then all the files would be - transparently - encrypted on the 323.

For me that's a better solution then running an application on the client PC. To make things worse, truecrypt doesn't work on a mac.

Another solution would be to use the File System in Userspace (FUSE) kernel module. It has a a lot of plugins, including ones for encryption.

it likely would be easier to get FUSE working on the DNS 323 then truecrype.

FUSE Details - http://fuse.sourceforge.net/

FUSE File system plug-ins available - http://code.google.com/p/macfusion/wiki … oImplement

rguerra wrote:

i'd rather use a kernel module on the DNS 323, that way software does not need to be used on the client machine. One would just connect via samba, and then all the files would be - transparently - encrypted on the 323.

For me that's a better solution then running an application on the client PC. To make things worse, truecrypt doesn't work on a mac.

I'm with you. Maybe we should establish a bounty $ to compile and make it work on the DNS 323. I'm really interested on this but I don't have the knowledge to start.

HaydnH wrote:

Has anyone got any further looking at encryption as a kernel module? I get my dns-323 tomorrow and will be looking at getting crypto-loop working soon, I use it on my desktop anyway using an old sd-card as an encryption key but will be using a usb key for this device... setting it up shouldn't be too complicated (hopefully) although I need to have a look at how the device handles mirroring and multiple slices on each disk.

sounds very promising! any news on crpyting the dns323 (except for making an IMAGE of some files on the dns...)

cheerio

Hi,

I'm bringing that thread up again, because I'm planning to buy a 323 especially for the encrpytion. My old NAS is completely closed and thats why I'm searching for a new one, where I can install all the features I want. So my question is, does somebody get it worked? Or is there any other solution to get encrpytion in a NAS, directly on the system?

Regards,

May

Ah k, thx for the hint. So there is just the possibility over truecrypt and a host PC? Does somebody use that? Any experience with that?

May

May wrote:

Hi,

I'm bringing that thread up again, because I'm planning to buy a 323 especially for the encrpytion. My old NAS is completely closed and thats why I'm searching for a new one, where I can install all the features I want. So my question is, does somebody get it worked? Or is there any other solution to get encrpytion in a NAS, directly on the system?

Regards,

May

I have had a DNS-323 for over a year and I love it (running funplugs).

BUT, IMHO it does NOT have enough horsepower (CPU or Memory) to support Encrypted volumes in real time.  (I am talking about LUKS here ... assuming you can even get it to work on the DNS-323).

This is after much research and even querying Martin Michlmayr via email (this is my conclusion -- not his).


You would be much better served by coupling a Thin Client with USB, Firewire, or eSATA external hard drives.

I do this all the time and serve Music, Video, Files etc from numerous external USB/Firewire/eSATA hard drives with good performance.

PS:  These are "embedded" in that I have loaded Debian onto their DOM's and they boot from the internal DOM.  (You can also replace DOM with laptop hard drive if you want a conventional drive with the commensurate heat, noise, and failure rate).  Passphrase is needed to access Encrypted Volumes after the OS is booted.

So I can have my cake and eat it too:
- Small form factor
- Low wattage (HP Thin client T5000 series consume between 9w - 27w depending what else you put in them; measured by a "Kilawatt")
- Very secure Encryption (LUKS with a passphrase as long as your arm)
- Reliable file format (EXT3 with LVM2)
- Client platform independent
- Can do a TON of other stuff (I do SSH, SAMBA, VOIP Proxying, Perl scripts, you can do FTP, web server, etc etc etc)
- Very good performance (multiple clients watching videos and listening to music music simultaneously) since the HP models have 733Mhz - 1.2Ghz and can run 512MB - 2GB RAM depending on model (undocumented)
- In fact, if you get higher end thin client (like HP T5730) you have Gigabit Ethernet, and PCIe 1x expansion capability to make a "real" NAS with awesome performance
- Absolutely nothing extra needed on clients that are accessing it
- Portable solution
- Cost effective, not much more expensive that retail price of DNS-323 if you source thin client from ebay/etc

You can see my previous post in this forum here on this topic when I was getting serious about playing with the DNS-323 vs thin client.

Cheers

Last edited by tester321 (2010-02-13 18:36:39)