
Questions regarding CloudDrive, Encryption and DrivePool


ottoman

Question

Hi, I want to encrypt my HDDs and pool them together. I use TrueCrypt for encryption, but since DrivePool does not support TrueCrypt volumes, I want to give CloudDrive a try and replace TrueCrypt.

I created an encrypted CloudDrive on every disk using the Local Disk Provider. I am doing it this way because I want to use SnapRAID later on to create parity for the disks.

During my testing with CloudDrive, several questions arose:

 

1. Is there some way to store the header of the encrypted volume in case it gets overridden, like there is with TrueCrypt? Or would such a function be pointless in CloudDrive?

 

2. Is it possible to mount the encrypted drives with a command line interface or do I have to mount them separately by hand after every reboot?

 

3. Why does CloudDrive create a cache for local drives? I tested this in a VM using disks of 1GB and 10GB size. Every time a new drive is created, some cache folder is created too with the same size as the disks, although I set "Local cache size" to none or only 10MB. Is this a bug or oversight or is this intended? I want to use disks with several TB and don't have the space for such large caches.

 

4. Maybe the way I want to use CloudDrive is not really the purpose of the tool. Is there some other way to achieve the following things:

- encrypt several disks separately

- disks can be external and not connected to the computer all the time

- decrypt them via a command line interface and not "by hand" each time

- mount them to a NTFS mount point

- be able to pool them together using DrivePool

Is Windows BitLocker maybe able to do that?


3 answers to this question


  1. I'm not sure, as this is definitely a more technical question. However, I don't think so. Specifically, CloudDrive encrypts the ENTIRE drive, including the file allocation table. So, I'm pretty sure this isn't needed here.

    I'll flag the question for Alex (the developer), because I'm not sure.

    https://stablebit.com/Admin/IssueAnalysis/22844

     

  2. Not currently, but that is something we could definitely see about adding.

    Though, there is the option to automatically unlock the drive at system startup. This is done by leveraging the Windows Credentials Manager, IIRC, so it should be very secure (if you're not confident about that... encrypt the system disk)

    Requested here: https://stablebit.com/Admin/IssueAnalysis/22843

     

  3. Because the infrastructure for the product is designed to be used for Cloud Providers. Since we don't want to create special exceptions for some providers (adding unneeded complexity, basically), it still has a cache. It's used for pinning file system data, as well as an "upload temp". The "neat" thing here is that you could use an SSD or the like for the cache drive (if you don't mind "trashing it") and this would create a very fast drive. Faster than the drive the CloudDrive is stored on.

     

    Setting it to "none" means that it will continually try to purge all data off of the cache. And if you look at the cache files, while it may report the same size as the disk you're creating, the "Size on disk" is actually much, much smaller.

     

    Additionally, the cache allows for continued access to the drive (at least in a limited fashion), if something happens to the provider (in your case, the local disk).  This should help prevent performance or reliability issues, even if the disk is having problems. 

     

  4. Aside from the command line thing, you should be able to do all of that already. 

    However, StableBit DrivePool absolutely supports BitLocker, if you wish to use that instead. 


1. Is there some way to store the header of the encrypted volume in case it gets overridden, like there is with TrueCrypt? Or would such a function be pointless in CloudDrive?

 

I think the equivalent of a TrueCrypt volume header in StableBit CloudDrive is the drive metadata. The drive metadata is a file that's stored in the cloud (or locally for the Local Disk / File Share providers) that describes your drive. It contains the size of the drive, the block size, the provider type, etc... In essence it contains everything necessary to mount the cloud drive. In addition, if the drive is encrypted, it contains the necessary data to validate your encryption key.

 

Currently StableBit CloudDrive doesn't have an automated way of backing up this file, but if your cloud provider lets you browse your cloud drive, the file is named [GUID]-METADATA (sometimes it's stored in its own folder). If your cloud provider loses that file, your cloud drive becomes inaccessible. So it might be a good idea to back that file up, and it might not be a bad idea to add this feature to the app at some point.

2. Is it possible to mount the encrypted drives with a command line interface or do I have to mount them separately by hand after every reboot?

 

A CLI for StableBit CloudDrive is a great idea. Actually, I've just finished completely overhauling the CLI for StableBit DrivePool in the latest internal BETAs (you can check out my latest Nuts & Bolts post on that). That work can certainly be carried over to StableBit CloudDrive in the future.

3. Why does CloudDrive create a cache for local drives? I tested this in a VM using disks of 1GB and 10GB size. Every time a new drive is created, some cache folder is created too with the same size as the disks, although I set "Local cache size" to none or only 10MB. Is this a bug or oversight or is this intended? I want to use disks with several TB and don't have the space for such large caches.

 

In addition, if you have an SSD, that could make for a great local cache.

 

But yeah, it all comes down to optimization. StableBit CloudDrive's architecture was optimized for the cloud and that's what we're shipping in 1.0. We can certainly factor out the cache for the Local Disk provider in the future, but at this point, we simply don't have that.

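One way to back up the drive metadata file mentioned in the answer above, as an added example that is not part of the original posts and is not StableBit code. It assumes only what the post states (a file named `[GUID]-METADATA`, possibly inside its own folder); the provider folder and backup folder paths passed in, and the `manifest.json` layout, are hypothetical.

```python
import hashlib
import json
import shutil
from pathlib import Path

SUFFIX = "-METADATA"  # name pattern given in the post: [GUID]-METADATA


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_metadata(provider_root: Path, backup_dir: Path) -> dict:
    """Copy every *-METADATA file under provider_root into backup_dir.

    Returns {relative path: "new" | "unchanged" | "changed"}. A changed
    file never overwrites the older backup: the old copy is kept under a
    name carrying the first 12 hex digits of its own hash.
    """
    backup_dir.mkdir(parents=True, exist_ok=True)
    manifest_path = backup_dir / "manifest.json"  # hypothetical layout
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    report = {}
    # rglob covers both layouts from the post: top level or its own folder
    for src in sorted(provider_root.rglob("*" + SUFFIX)):
        if not src.is_file():
            continue
        rel = src.relative_to(provider_root).as_posix()
        digest = sha256_of(src)
        dst = backup_dir / rel
        old = manifest.get(rel)
        if old == digest and dst.exists() and sha256_of(dst) == digest:
            report[rel] = "unchanged"
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        if dst.exists():  # keep the previous version next to the new one
            dst.replace(dst.with_name(f"{dst.name}.{sha256_of(dst)[:12]}.old"))
        shutil.copy2(src, dst)
        if sha256_of(dst) != digest:  # verify the copy before trusting it
            raise IOError(f"backup of {rel} does not match its source")
        manifest[rel] = digest
        report[rel] = "changed" if old not in (None, digest) else "new"
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return report
```

The backup folder should sit on a different disk from the provider folder, since the point is to survive loss of the original file.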


Thank you for your very detailed answers. Regarding #3 you are right. The cache file reports a size which is not equal to the "size on disk". I came to the conclusion that CloudDrive is not really the tool I need. But I may try CloudDrive again when Amazon CloudDrive is available in my country and the provider is stable. Right now I am looking into BitLocker+DrivePool and it seems promising :)
