Manufacturer: RaidSonic (www.raidsonic.de) Device: NAS-4220-B Firmware: 2.6.0-n(2007-10-11) Device Type: end user grade NAS box OS: Linux 2.6.15 Architecture: ARM Designed by: Storm Semiconductor Inc (www.storlinksemi.com) Problem: Hard disk encryption key stored in plain on unencrypted partition. Time line: Found: 09. March 2008 Reported: 09. March 2008 Disclosed: 16. March 2008 Summary: The NAS-4220-B offers disk encryption through it's web interface. The key used for encrypting the disk(s) is stored on a unencrypted partition. Therefore one can extract the encryption key by removing the disk from the NAS and reading the value from the unencrypted partition. The key itself is stored in a file in plain (base64 encoded). Therefore the NAS-4220 crypt disk support can not be considered secure. Details: The NAS-4220-B can hold two SATA disks. Disk are encrypted through a loop back device using AES128. The problem came to my attention when I could access the NAS after reboot without suppling the hard disk key. The key is stored in /system/.crypt, "/system" is a small configuration partition on the same disk that holds the encrypted partition. The system partition is created by the system software running on the NAS-4220. The configuration partition of the second hard disk is not mounted by default but also contains the .crypt file holding the key for the encrypted partition on the same disk. Accessing the key (key value is the example I used): $ cat /system/.crypt MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= key in plain key in base64 12345678901234567890 MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= Base64 decode: #!/usr/bin/python from base64 import * print b64decode("MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=") Reported by: Collin Mulliner Collin's Advisories: http://www.mulliner.org/security/advisories/ -- Collin R. Mulliner BETAVERSiON Systems [www.betaversion.net] info/pgp: finger collin@betaversion.net If you have to run heating in winter, you don't own enough computers.