encryption on drives questions

Status
Not open for further replies.
hescominsoon

hescominsoon

Patron
Joined
Jul 27, 2016
Messages
456
hypothetical situation. You have encryption enabled on your storage drives. Obviously encrypting the boot drive is not normal procedure. Let's say somebody steals the entire server(which in SMB land is very real concern)...this means they have the boot drive and the storage drives.

1. I am assuming the encryption keys for the secured storage are kept on the boot volume?
2. If the above scenario happened...would the data be easily compromised?
3. Is the data on the storage drives still unreadable?
 
F

fta

Contributor
Joined
Apr 6, 2015
Messages
148
hescominsoon said:
hypothetical situation. You have encryption enabled on your storage drives. Obviously encrypting the boot drive is not normal procedure. Let's say somebody steals the entire server(which in SMB land is very real concern)...this means they have the boot drive and the storage drives.

1. I am assuming the encryption keys for the secured storage are kept on the boot volume?
Click to expand...

They are.

2. If the above scenario happened...would the data be easily compromised?
Click to expand...

It would.

3. Is the data on the storage drives still unreadable?
Click to expand...

Yes, but your key could be used to decrypt it.

However, you can also set up the encryption to use the key *and* a password. If you do that, your key is still stored on the boot disk, but it is useless without the password.
 
hescominsoon

hescominsoon

Patron
Joined
Jul 27, 2016
Messages
456
fta said:
They are.



It would.



Yes, but your key could be used to decrypt it.

However, you can also set up the encryption to use the key *and* a password. If you do that, your key is still stored on the boot disk, but it is useless without the password.
Click to expand...

This would necessitate entering the password on boot correct?
this is not an issue for my more security conscious clients.
 
F

fta

Contributor
Joined
Apr 6, 2015
Messages
148
hescominsoon said:
This would necessitate entering the password on boot correct?
this is not an issue for my more security conscious clients.
Click to expand...

Correct. Every time the system is booted you have to manually (in the GUI) mount the volume with your password.
 
hescominsoon

hescominsoon

Patron
Joined
Jul 27, 2016
Messages
456
good. Thanks..that makes things much clearer and allows me to move forward with my project..:)
 
Status
Not open for further replies.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "encryption on drives questions"

Similar threads

gegtor
How to set up data encryption the most secure way
Replies
5
Views
4K
no_connection
N
T
Beginner Questions on Encryption
Replies
11
Views
2K
Davvo
Davvo
J
Questions about how not to make mistakes with encryption
Replies
9
Views
3K
John Childermass
J
B
  • Locked
Question - boot password? volume mount password?
Replies
2
Views
2K
dcevansiii
D
G
  • Locked
How to activate TCG on a Harddrive?
Replies
2
Views
2K
Chris Moore
Chris Moore
Top