====== Network Attached Storage (NAS) ======

===== Synology =====

  * [[https://blog.elcomsoft.com/2019/11/synology-nas-encryption-forensic-analysis-of-synology-nas-devices/|All Synology NAS devices use a single, pre-set wrapping passphrase as opposed to the user’s logon password.]]

> Encryption passphrases are stored on the system partition in files under /usr/syno/etc/.encrypt/@keystore, where each of them is encrypted as a libsodium Sealed Box (the ecryptfs wrapping with the infamous $1$5YN01o9y password is not used here — it is applied only to the exported keys). This encryption method by itself would be pretty secure; however, the secret key for those sealed boxes is stored in /usr/syno/etc/keymanager/info.cfg without any further encryption, so it is mostly trivial to decrypt the data in the boxes and get the passphrases for shared folders.
>
> The /usr/syno/etc/keymanager/info.cfg file is apparently generated when the internal key store is initialized; I did not yet check whether the keys and UUID in there would be different after a password reset or reinstall (probably they would, but that does not help much, because the encryption key and encrypted data end up on the same filesystem anyway).[(https://old.reddit.com/r/synology/comments/p85luj/comment/i39it42/?utm_source=reddit&utm_medium=web2x&context=999)]