Securing a removed/stolen (or failed) drive is achieved by this method. Securing the entire device from theft is not achieved.
An equally if not more likely threat for many is losing or forgetting the encryption key and losing all your data.
All of these scenarios should be clearly spelled out and noted.
Storage is one of the worst for losing keys it stays powered on for months or years without a reboot. Then you suddenly realise you lost the key. Or the person that had it left.
I don’t think the keys are device specific. If a drive
is stolen but not the NAS, the key is stored in drive, not linked to device, and data can be unlocked. That’s my understanding from what I read. It seems to be a good obfuscation.
6 comments
[ 2.9 ms ] story [ 24.9 ms ] thread1. The key is stored locally on the same device as the encrypted data. Synology does not reveal the exact location and format of that key.
2. The key is managed by a remote KMIP server on another Synology NAS.
The vast majority of people use option 1, in which case their data is not secure.
Securing a removed/stolen (or failed) drive is achieved by this method. Securing the entire device from theft is not achieved.
An equally if not more likely threat for many is losing or forgetting the encryption key and losing all your data.
All of these scenarios should be clearly spelled out and noted.
Storage is one of the worst for losing keys it stays powered on for months or years without a reboot. Then you suddenly realise you lost the key. Or the person that had it left.