Hello all,
Anyone know of a HOWTO or perhaps a custom kernel that includes dm_crypt? I am looking to encrypt the entire partition/Volume (/mnt/HD_a2).
I have a spare computer (openSUSE 10.2) that I have been using basically like a NAS. I have run out of room and so I purchased a DNS-323 with two 750GB drives.
My main issue is that I cannot seem to "easily" find out how to format the drives to be encrypted (I use encrypted partitions on my old computer). Ideally, I would do this for one drive and then activate RAID-1 (redundancy).
I emailed DLink and they said they do not support encrypted partitions.
I have read up on using crypto-loop which would basically create a _large_ file. However, I'm not sure if a 700GB file would be stable or safe to use?
So, basically I'm asking if anyone has any experience with getting encryption onto the DNS-323? Are very large crypto-loop files stable enough for everyday use? Anyone have any notes on how to get dm_crypt into the kernel (module or compiled-in) and using cryptsetup to encrypt a partition?
Many thanks for any information,
Alvin
Offline
You can install Debian native and then encrypt e.g. your /home partition, even with the setup wizard. Just load the appropriate installer module.
But it will be very slow (I guess around 1-2 mb/s max)
Offline
Thanks oxygen for replying. Is encrypt a container file method? I don't really want that.
Right now I am getting a cross-compile environment going using these instructions: http://dns323.kood.org/howto:crosscompile
So far I have made a "Hello World" app and it works!
I have installed aes.ko and twofish.ko. I'm not sure which is better. My current old clunker (openSUSE 10.2) uses twofish-256 while my desktop uses luks (AES I think).
I have cross-compiled device-mapper and it does run on the dns-323. Haven't done anything more than just run dmsetup and get the usage message.
Right now I am going to try to cross-compile the kernel (linux-2.6.12.6) and see if I can get the dm-crypt (et al) modules. Then I will copy those over to the dns-323.
After that I will try to get cryptsetup to compile and run.
I am truly surprised that there is very little information about getting a real encrypted partition on the dns-323. Everything I can find talks about the container method (a large file that acts like a partition). But, I don't think the container method would be right when I want a 750GB encrypted storage.
Offline
oxygen wrote:
If you use the stock firmware, this is the only way.
That might be true, but so far I have cross-compiled libpopt, libuuid, libgpg-error, libgcrypt, libdevicemapper (and dmsetup), cryptsetup and the AES kernel module.
They are working in so far that they display their usage information.
I'm currently trying to figure out the best way to create the encrypted partition. My problem is that I configured the DNS-323 to be RAID-1. So both drives are effectively in use. I do have fun-plug installed and the above libraries and executables are stored on the hard drives.
Do you think (or anyone that happens to read this), that this sounds like a good way to create the encrypted partition:
First, turn RAID off.
Partition drive in slot1 to have a 1GB ext3 partition and the remaining space (~749GB) encrypted partition.
FFP and the modules/libraries/executables I just created would be stored on the 1GB ext3 partition.
My problem is if I turn RAID-1 back on, will it format the drive in slot1 (thus losing everything I just did) or mirror its contents onto the drive in slot2?
Perhaps if I do not turn RAID-1 off but just pull the drive from slot2, then setup the drive in slot1. When I reinsert the drive in slot2 the dns-323 will synchronise the drive in slot1 onto the drive in slot2? I would like to keep the RAID-1 setting if I can. The redundancy is nice.
Alvin
Offline
What exactly won't work? Partitioning the drive? Keeping RAID-1?
I have the modules and cryptsetup compiled and they are working. Just need to copy the modules and cryptsetup to the 323's OS location (I need to read the wiki on how the internal storage is structured).
What is the best way to partition the drives? I vaguely remember the dns-323 asking me about Volume size the first time I turned the device on (with the hdd's installed). Would it work if I reset the device and use the web configuration to create two partitions? Once the partitions are created, I'm hoping that the RAID-1 will duplicate the partition structure and contents. So, while I apply the AES encryption to the largest partition, the RAID-1 hardware will duplicate the changes on the 2nd drive??
Offline
I am following this thread with great interest and still cannot get over the most fundamental issue that makes the encryption on this CPU underpowered box impractical- the speed.
I guess that 1MB/s transfer speed is a fairly conservative estimate- this is just 3GBytes/hour and 15 times slower than is the full DNS-323 potential.
How could you live with that?
Last edited by skydreamer (2009-08-28 15:43:37)
Offline
skydreamer wrote:
I am following this thread with great interest and still cannot get over the most fundamental issue that makes the encryption on this CPU underpowered box impractical- the speed.
I guess that 1MB/s transfer speed is a fairly conservative estimate- this is just 3GBytes/hour and 15 times slower than is the full DNS-323 potential.
How could you live with that?
I couldn't
But, the 1MB/s you quote, is that for loopback crypto file (an encrypted file that is loopback mounted as a filesystem)? I have yet to see any stats on real partition encryption. I know that crypto files are slow. I use one on my MacBook Pro that runs openSUSE 11.1.
Offline
Personally I would build an ITX computer with Intel Core2 Duo for this job and 2x 2.5" 500GB HDD, it would cost nearly the same as DNS-323 although a bit more power hungry.
Nevertheless I see your point and hopefully something will come out of your endeavours!
Offline
Yeah, after getting the DNS-323 I found this: http://cryptonas.org/
It's a live CD that will create the encrypted partitions on the drives that are in the computer.
Then again, I got the DNS-323 because I thought there was a huge online community for hacking it.
Offline
alvin wrote:
But, the 1MB/s you quote, is that for loopback crypto file (an encrypted file that is loopback mounted as a filesystem)? I have yet to see any stats on real partition encryption. I know that crypto files are slow. I use one on my MacBook Pro that runs openSUSE 11.1.
It's true that you get overhead with a crypto file, but it won't change the magnitude. If you want to try, create a container file with a plain filesystem and then compare the (e.g. samba) performance to native file access. Could be done like that (untested):

    dd if=/dev/zero of=/mnt/HD_a2/tempfile count=2000 bs=1M   # create 2 GB file (written out in full)
    mkfs.ext2 -F /mnt/HD_a2/tempfile                           # create filesystem (-F: target is a regular file)
    mkdir /mnt/HD_a2/tmpdir
    modprobe loop                                              # (or insmod ./loop.ko)
    mount -o loop /mnt/HD_a2/tempfile /mnt/HD_a2/tmpdir        # mount it

Then do some measurements inside tmpdir and outside.
I bet the performance drop (likewise the increase of a native partition) will be less than 10%
Last edited by oxygen (2009-08-28 21:04:40)
Offline
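The measurement oxygen describes above, as an added example that is not part of the original posts: it times one sequential write in each of two directories (for instance the plain volume and the loop-mounted `tmpdir`) and reports the relative slowdown. The function names are hypothetical; it assumes only `dd`, `sync` and `date`, and a test size large enough that the one-second timer resolution does not dominate.

```shell
#!/bin/sh
# Added example (not from the thread): sequential-write comparison between two
# directories, e.g. the plain volume and the loop-mounted tmpdir next to it.
# Uses only dd, sync and date, so it does not need anything beyond basic tools.

# write_kbps DIR [SIZE_MB]: write SIZE_MB of zeros, flush, print KiB/s.
write_kbps() {
    dir=$1
    mb=${2:-256}
    f="$dir/.bench.$$"
    start=$(date +%s)
    dd if=/dev/zero of="$f" bs=1M count="$mb" 2>/dev/null || { rm -f "$f"; return 1; }
    sync                            # count the flush to disk in the timing
    end=$(date +%s)
    rm -f "$f"
    secs=$((end - start))
    [ "$secs" -gt 0 ] || secs=1     # 1 s timer resolution; avoid dividing by zero
    echo $((mb * 1024 / secs))
}

# percent_drop BASE_KBPS TEST_KBPS: integer slowdown of TEST relative to BASE.
percent_drop() {
    [ "$1" -gt 0 ] || return 1
    echo $(( ($1 - $2) * 100 / $1 ))
}

# compare_dirs BASE_DIR TEST_DIR [SIZE_MB]: print both rates and the drop.
compare_dirs() {
    base=$(write_kbps "$1" "${3:-256}") || return 1
    test_=$(write_kbps "$2" "${3:-256}") || return 1
    echo "base=${base}KiB/s test=${test_}KiB/s drop=$(percent_drop "$base" "$test_")%"
}

# Usage on the NAS (paths taken from the post above):
#   compare_dirs /mnt/HD_a2 /mnt/HD_a2/tmpdir 256
```

Running the same comparison with the second directory on a dm-crypt mapping instead of the plain loop mount separates the cost of the cipher from the cost of the loop device.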
oxygen, I'm just about 100% sure there will be a big negative impact when transferring to an encrypted partition. However, the largest file I have ever saved is _maybe_ 1GB. Most files are in the range 50-500MB.
Also, I'm using NFS instead of Samba (all my boxes are Linux boxes - no Microsoft Windows). I'm not sure of the overhead of NFS vs. Samba though.
Strange enough, I can use the modules and cryptsetup to create an encrypted loop filesystem and have the dns-323 mount (LuksOpen etc.) that using AES/SHA256. I haven't benchmarked the performance yet though.
I'm still working on getting a true encrypted partition. Right now I'm finding it hard to get information on uninstalling FFP. I have read that it's just a matter of deleting the /ffp symlink and /mnt/HD_a2/ffp directory. However, I did call "store-password.sh" when I was setting up sshd. I'm not sure if that is going to cause me any problems?
I've read (in passing somewhere) that it is possible to custom partition a drive using a desktop and then sticking it into the NAS. I haven't reached that point yet. I want to try to get the NAS to format the partitions for me. Then I ssh (after reinstalling ffp) and mess with the boot/automounting partitions done by the NAS.
Offline
alvin wrote:
Strange enough, I can use the modules and cryptsetup to create an encrypted loop filesystem and have the dns-323 mount (LuksOpen etc.) that using AES/SHA256. I haven't benchmarked the performance yet though.
Well I guess you should do this first to see if the performance is sufficient for your everyday use. As I said, the improvement through a native partition will hardly be noticeable. Maybe you can also test a little bit which crypto standard performs best on the DNS-323, before formatting a whole partition.
I'm still working on getting a true encrypted partition. Right now I'm finding it hard to get information on uninstalling FFP. I have read that it's just a matter of deleting the /ffp symlink and /mnt/HD_a2/ffp directory. However, I did call "store-password.sh" when I was setting up sshd. I'm not sure if that is going to cause me any problems?
I guess not if you reset to firmware defaults.
I've read (in passing somewhere) that it is possible to custom partition a drive using a desktop and then sticking it into the NAS. I haven't reached that point yet. I want to try to get the NAS to format the partitions for me. Then I ssh (after reinstalling ffp) and mess with the boot/automounting partitions done by the NAS.
Well you can try, but when I changed the partition layout some time ago, the DNS-323 wanted to reformat. I guess it has something to do with the partition UUID.
As I wrote earlier, the easiest way to achieve all this is switching from stock firmware to a native Debian. I guess it even performs a little better, because the kernel is years newer. If you use Linux on a regular basis, this task should be quite easy for you. See http://www.cyrius.com/debian/orion/d-link/dns-323/
Last edited by oxygen (2009-08-28 21:33:37)
Offline