Jump to content
  • 0

...some questions regarding encryption features


p3x-749

Question

Hi,

 

I just came across the new product....looks quite nice.

Based on the feature-list, I'll have some questions, though.

 

- what hardware is need in order to support encryption? (i.e. TPM-Module)?

- is encryption implemented without relying on Windoze bitdefender?

- what if I want two access the cloud-drive from more than one host and use encryption?

 

..sorry, if this is already somewhere but I did not find that info right away....just kindly point me to it, in that case.

 

TIA,

   fred

Link to comment
Share on other sites

14 answers to this question

Recommended Posts

  • 0

No additional hardware is required here (eg, you don't need a TPM module).

 

As for the encryption:

  • StableBit CloudDrive uses low level kernel-based encryption for maximum performance and for full round trip encryption support.
  • Industry standard AES-256 CBC is used to encrypt every bit of your data.
  • The Operating System's core services (Cryptography API: Next Generation) are used for all hashing and encryption functions in the kernel (FIPS 140-2 compliant).

This, and a number of other features are mentioned here: https://stablebit.com/CloudDrive/Features

 

 

As for accessing the CloudDrive, you can only access it from one system at a time. If you try to "attach" it to another system, it will give you a warning that it's already in use. 

You can go ahead and forcible attach it on the new system, and it should detach it on the other system.

 

However, it will be encrypted, and require you to put in the passphrase or hash key for the CloudDrive before you can access the data. 

Link to comment
Share on other sites

  • 0

You are very welcome.

Alex did a good amount of research on how to implement the encryption feature, and we hope that it is secure enough that even the most security conscious users would be fine with using it. And without impacting performance too much.

 

If you have any more questions, don't hesitate to ask.

Link to comment
Share on other sites

  • 0

Thank you for the response and info...very helpful.

Alex has posted a long post detailing information about the encryption.  

You definitely should check it out:

http://community.covecube.com/index.php?/topic/1269-full-drive-encryption/&do=findComment&comment=8450

 

It's ... a bit of a long post, though.

Link to comment
Share on other sites

  • 0

OK, thanks again...here are two more questions though:

 

- From what I gather, the way the encryption API is used, a CPU with AES support will improve greatly to the performance of the encrypted filesystem

- what exactly are the options to combine this with DrivePool...what if I want my local multi-TB drives from DrivePool to be encrypted (but *not* sync this with a cloud drive)..can I do that?

Link to comment
Share on other sites

  • 0

Yes, if your CPU supports the AES-NI instructions (or the AMD equivalent), then this will definitely benefit the API that we use, and help boost performance.

 

As for combining with StableBit DrivePool, you can use the "Local Disk" provider.

Either:

  • Create a single large CloudDrive on the pool and encrypt it (since it uses "chunks", there is no issues with size), or
  • Create a CloudDrive on different disks and pool the CloudDrive's together. 
Link to comment
Share on other sites

  • 0

OK, finally got to test around a bit.

I recently upgraded my ZFS NAS and now got 7x2TB greens left...I did put these in my Win8.1pro desktop (which is my old server 32GB RAM, L3426Xeon (4C8T, no AES-NI)).

 

...I then created a pool out of these old disks, using DrivePool.

Then, I created a 1TB encypted cloud-drive on that pool, using the local provider, using default settings otherwise

 

- although local cache was set to zero (as default), CloudDrive created a Cache-Dir on one of my pool-disks :-( WOT? 

- I copied over some larger movie files (from my local, main disk, which is a SSD +200MB/sec read) to the pool and reached 98MB/Sec -> good, as this is the expected speed of one green disk

- then I copied the same files over to the encrypted cloud drive -> 78MB/sec write -> cool, as my CPU does not have AES-NI support. I certainly can live with that performance. (I did set IO-Performance to 4 threads each in cloud drive. maybe there is a more optimal setting for non-AES-NI CPUs?)

 

Now, I gather in order to be able to enable duplication for some folders on my encrypted disk,...

I should have started the other way round, by creating an encrypted disk out of each 2TB green, and then pool these "cloud-disks" together?

 

But...

 

What about the (unwanted) cache dir created by cloud-drive? I don't want it and don't have a disk to spare.

Is there a way to match the full/total physical size of the local disk when creating the cloud disk?

 

TIA,

    fred

Link to comment
Share on other sites

  • 0

There was a specific reason for the cache drives with the local provider, but I don't quite remember why.  I've flagged this for Alex, so I can get a proper response instead of guessing.

https://stablebit.com/Admin/IssueAnalysis/18734

 

As for the encryption, it's handled by Windows' CNG API.  This should be very fast, as it's done in the kernel here.

 

The slowdown may be that CloudDrive is writing to the cache and then offloading to the local storage provider.  This could be slowing down the file copy. 

Link to comment
Share on other sites

  • 0

thanks for taking this back to Alex.

 

I now tried the setup the other way around:

 

- creating an encrypted clouddrive on one local disk each

- then pool the cloud-drives

- then enable duplication on some folders.

 

...this basically works, but I am not able to create a cloud-drive with the real size of he full local disk.

These disks are 2TB greens....but their net value/space is 1.82TB...I can only select to create 1TB or 2TB cloud disks, where the 2TB would be too much, wouldn't it.

How can I manage my 2TB cloud drives from "overfilling" when the data reaches the physical limit of the real 2TB (1.82TB net) disks?

 

TIA,

   Fred

Link to comment
Share on other sites

  • 0

....something got messed up.

 

Drivepool reported some drives (cloud drives missing), while the Pool, created from the raw drives (where also the cloud drives were created on locally) reported all drives fine.

Also clouddrive did report some cloud drives as attached and some as non existant.

 

....I destroyed all cloud drives and pools

No I am still seeing some CloudPart_xxxxx Folders on my C/System-Drive that I've did not put there.

Even worse, I cannot delete these using the explorer...when I try to open these, windows reports them as damaged :-(

 

This is exactly the reason why I don't do any complex things with windoze ... I know Clouddrive is beta, but I really don't like being not in control of my data or my system.

Link to comment
Share on other sites

  • 0

thanks for taking this back to Alex.

 

I now tried the setup the other way around:

 

- creating an encrypted clouddrive on one local disk each

- then pool the cloud-drives

- then enable duplication on some folders.

 

...this basically works, but I am not able to create a cloud-drive with the real size of he full local disk.

These disks are 2TB greens....but their net value/space is 1.82TB...I can only select to create 1TB or 2TB cloud disks, where the 2TB would be too much, wouldn't it.

How can I manage my 2TB cloud drives from "overfilling" when the data reaches the physical limit of the real 2TB (1.82TB net) disks?

 

TIA,

   Fred

I apologize if it's not clear. The size can be manually typed in.  You can type in 1.81TBs if you want. 

 

As for overfilling, for the actual "drive", it will error out and give you a free space error just like a normal drive.

 

 

 

 

....something got messed up.

 

Drivepool reported some drives (cloud drives missing), while the Pool, created from the raw drives (where also the cloud drives were created on locally) reported all drives fine.

Also clouddrive did report some cloud drives as attached and some as non existant.

 

....I destroyed all cloud drives and pools

No I am still seeing some CloudPart_xxxxx Folders on my C/System-Drive that I've did not put there.

Even worse, I cannot delete these using the explorer...when I try to open these, windows reports them as damaged :-(

 

This is exactly the reason why I don't do any complex things with windoze ... I know Clouddrive is beta, but I really don't like being not in control of my data or my system.

 

What version are you on? What OS? 

And could you grab the contents of "C:\ProgramData\StableBit CloudDrive" and upload it:

http://wiki.covecube.com/StableBit_CloudDrive_Log_Collection

Just use the upload form at the bottom of the page, you don't need to do the rest

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...