Discuss with the community any ideas you'd love to see in future DiskStations and DSM updates! We do our best to monitor and forward all of them, but we recommend to also use this form as our team will systematically see your suggestion:
Synology Community is the new platform for the enthusiasts' interaction, and it will soon be available to replace the Forum.
- I'm New!
- Posts: 4
- Joined: Wed Oct 04, 2017 6:48 am
Full disk encryption has been mentioned before, so this is just a periodic reminder for Synology to consider replacing eCryptfs with LUKS. Or making it an option since some of the less powerful models won't have the CPU to encrypt the whole volume.
Right now you can encrypt Shares using eCryptfs, but this has a number of significant drawbacks that make it useless for me.
- 1. 143 character filename length limit
2. NoteStation data isn't encrypted
3. Synology Office data isn't encrypted
4. Other metadata (photo, video, chat) stored in the on-board postgres database also isn't encrypted
You can address all of these by implementing LUKS on top of the LVM volumes and formatting the encrypted container with btrfs.
Hacking this in wouldn't be too hard: compile a dm-crypt kernel module, manually recreate the volume with luks, modify the startup scripts to handle mounting. The tricky part is how to enter the password during the boot sequence. I decided that hacking a serial terminal was too much effort to have all of this wiped out on the next DSM release. I think someone in another thread mentioned a light web server that would launch before the volume mount and accept the password. That's how I would implement it too.
The Synology applications are awesome. I look forward to someday not worrying about someone stealing my NAS. Until then, I'll be exploring physical home safes that have ventilation
- I'm New!
- Posts: 8
- Joined: Fri Jun 14, 2013 1:00 pm
I complained about it in 2015 just after I had bought my ds1815+ and was surprised by the lack of real encryption (I don't think ecryptfs can be taken seriously for the reasons you mentioned).
I bought a qnap after that. They have had LUKS since years (just like my own linux server since the early 2000's).
Now I use my synology for uncritical stuff only, and the rest goes to the qnap with FDE.
I always recommend people against synology just for this reason.
- I'm New!
- Posts: 1
- Joined: Thu Dec 07, 2017 9:44 am
Another wote for Full disk encryption
- I'm New!
- Posts: 1
- Joined: Fri Dec 08, 2017 4:09 pm
I'm looking for some NAS to be purchsed both for my company and my home.
There are 2 basic features, among the others, I'm looking for:
1) Disk encryption (with hardware acceleration) to protect data in case the NAS is stolen
2) Block-Level remote replication, to keep remote disaster recovery copy up to date while not killing the WAN connection, especially for the backup of email server and VMs (big files of 2-12GBs with very few block changes every day)
I'm considering Synology and QNAP NAS solutions, and I found Synology environment more attractive (and better documented), it seems to support the Block-Level Remote Replication (at least on the specs: does anybody have any real world experience with it?) but the lack of Disk Encryption puzzles me and prevents me to proceed.
It looks like the technical soluton (LUKS) is there, but for some reason this feature - which is invoked by users since many years - has not yet been taken into serious consideration by Synology.
C'mon guys, NAS are pretty easy to steal and data pivacy is a major concern for both Companies and private users: why aren't you considering this option, at least on your devices already supporting hardware accelerated encryption?
Any feedback from Synology will be appreciated.
- Honorary Moderator
- Posts: 19632
- Joined: Mon Oct 23, 2006 12:48 pm
- Location: Switzerland
zbrr wrote:IAny feedback from Synology will be appreciated.
This is a user forum and not the place to get feedback from Synology.
*Please do not Private Message me for support questions; leave it on the forum so all members can learn. Thanks!*
DS718+ / DSM 6.2-23511 / ST4000VN000-2AH166 / SA400S37120G SSD cache /16 GB RAM
DS415+ / DSM 6.2-23511
LMS 7.9.1-166, 2 Squeezebox 3 + Boom
APC Smart UPS SUA750i