
Synology DS1010+

Is Data Encryption Worth Destroying Your NAS' Performance?

The Synology DS1010+ also comes with a dual-core Intel Atom D510 and 1 GB of DDR2 RAM. But unlike the devices from Qnap and Thecus, it encrypts data at the file level instead of at the partition level. This is implemented via eCryptfs, which is rather similar to the popular TrueCrypt software. It creates a container that can grow or shrink in size dynamically as needed. The data stored in these container files is individually encrypted, while the information used to decrypt the files is stored in the unencrypted file header. In the following screenshots, we can see just how such a container is created, and what information about an encrypted file in it can be displayed directly in the Linux console.
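As an added illustration (not from the original article or from Synology), this Python sketch decodes the plaintext fields at the start of an eCryptfs-encrypted file, following the header layout documented in the Linux kernel's eCryptfs source, to show what stays readable without the key. The sample header bytes and the helper names are constructed for the example.

```python
import struct

MAGIC_ECRYPTFS_MARKER = 0x3C81B7F5  # constant from the Linux kernel's eCryptfs code
FLAG_NAMES = {0x1: "hmac", 0x2: "encrypted",
              0x4: "metadata_in_xattr", 0x8: "encrypted_filenames"}
TAG_3_PACKET = 0x8C  # RFC 2440 tag 3: file key wrapped with a passphrase-derived key


def parse_ecryptfs_header(data: bytes) -> dict:
    """Decode the unencrypted fields of an eCryptfs lower-file header."""
    if len(data) < 26:
        raise ValueError("need at least 26 bytes of header")
    # Octets 0-7 size, 8-15 marker, 16-19 version+flags, 20-23 extent size,
    # 24-25 number of header extents; everything is big-endian.
    size, m1, m2, flags, extent_size, n_extents = struct.unpack(">QIIIIH", data[:26])
    if m1 ^ m2 != MAGIC_ECRYPTFS_MARKER:
        raise ValueError("marker mismatch: not an eCryptfs lower file")
    return {
        "plaintext_size": size,  # visible to anyone who can read the disk
        "version": flags >> 24,
        "flags": sorted(n for bit, n in FLAG_NAMES.items() if flags & bit),
        "header_bytes": extent_size * n_extents,
        "passphrase_wrapped_key": len(data) > 26 and data[26] == TAG_3_PACKET,
    }


def build_sample_header() -> bytes:
    """Constructed header for a 1337-byte file; real files use a random m1."""
    m1 = 0x11223344
    flags = (3 << 24) | 0x2 | 0x8  # version 3, encrypted, encrypted filenames
    fixed = struct.pack(">QIIIIH", 1337, m1, m1 ^ MAGIC_ECRYPTFS_MARKER,
                        flags, 4096, 2)
    return fixed + bytes([TAG_3_PACKET])


if __name__ == "__main__":
    for field, value in parse_ecryptfs_header(build_sample_header()).items():
        print(f"{field}: {value}")
```

The exact plaintext size of every file is recoverable from the header alone, so file-level encryption hides contents but not per-file sizes.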

Since Synology uses eCryptfs, the RAID arrays have to be configured and ready to go before enabling encryption. Setting up the encryption can be done when configuring file or folder sharing.

When sharing a folder, there is a menu item in the Web interface called “Encrypt this shared folder.” This also requires the user to enter the password that the encryption is based upon, which has to be at least eight characters long.

If the menu item “Mount automatically on startup” is selected, the password is saved on the NAS device. This option allows you to automatically mount the encrypted folder after rebooting the device. But just like with the Qnap NAS, you should not use this feature if you are concerned about security (and if you're enabling encryption, there's a fair chance that you are).

Again, we receive a dialog box warning the user to store the key in a safe place, as the data cannot be decrypted without it. It also says that there might be a performance impact as a result of the encryption, and that the folder will not be available via NFS.

After confirming the operation, the encrypted folder is available just a few seconds later, and the download of the key file that was generated from the password you entered starts automatically.

If you choose not to store the encryption password on the NAS, you can still access the encrypted folders after rebooting. This can be done either by entering the password via the Web interface or by using the downloaded key file.

If the encrypted folders are not mounted via eCryptfs, you just see a list of unintelligible letters and numbers when displaying the drive contents in the Linux console. After mounting them using the password, they are displayed as usual.
