Frequently Asked Questions

We answer some common questions here. Add a comment best dissertation or mail us if you have questions, that might be interesting for others, too.

Error: Failed to load processor TOC
No macro or processor named 'TOC' found

I successfully opened a volume. How can I access the data now?

  • CryptoBox live-CD: browse the network neighborhood for the CryptoBox (in M$ Windows), scan the network (with KDE or Gnome). If you like terminals use smbmount or mount -t smbfs to access the network share.
  • CryptoBox-Server: you should ask your administrator, which way is the best to access the mounted volume. In case you are the administrator, then you should take a look at the configuration file for the MountDir setting. Publish this directory via your favourite fileserver (e.g. samba, webdav, nfs, ftp, ...) and tell your users how to reach it.

Recently I partitioned my harddisk. Now I can open the volume without a password. Isn't it encrypted any more?

The partition manager creates non-encrypted volumes by default. If you want to enable encryption for a volume, then you have to format it. Be aware that this will erase all data of the volume.

How can I restrict access to certain data?

The CryptoBox does not support user and access management for now. Everyone in your local network can access all open volumes for reading and writing. This behavior is based on the assumption, that there are no evil guys in your local network. Please take care for this!

For the next major release (v0.4) we plan to implement user and access management.

There is a user manager available in the preferences section. What is it good for?

It's aimed for administrative tasks of the CryptoBox. Administrators can disable functions of the CryptoBox for other users (e.g. disabling the shutdown function). This way the webinterface can be customized to the needs of the users. The default admin password is admin, change that immediately!

Users who just want to open and close volumes do not need an administrative account.

How do I use the server package from the Debian repository?

The CryptoBox server package is not part of the official Debian repository (at least for now). But you can use our systemausfall.org repository for installation.

  1. Add the following to your "/etc/apt/sources.list": 
    deb http://systemausfall.org/toolforge/debian unstable main
  2. Run: 
    apt-get update && apt-get install cryptobox-server

The installation works fine with the upcoming Debian/etch and with the Ubuntu/edgy universe repository.

How do I use the source package in other Linux distributions than Debian?

Read the following HowTo: CryptoBox server source installation

Is there any plan to let the CryptoNAS boot off of a usb-stick?

This will be part of CryptoNAS release 0.4. Experimental development snapshots for you to try out are available at http://snapshots.cryptonas.org . This is presently being hosted off of a home DSL line, so you should expect transfer rates of 40KiB/s or less. Depending on demand, this could be further rate-limited in the future or moved to a different hosting site with more capacity. When reporting bugs, please note the SVN revision number (i.e. rNNNN within the http://snapshots.cryptonas.org/snapshots directory structure) that the bug report corresponds to.

Are CryptoBox Containers from v0.2 supported in v0.3?

At the moment there is no automatic way of using an encrypted disk of the 0.2 series in a CryptoBox running the 0.3 series. That's because we did a major redesign of the CryptoBox functionality within the last year. We're sorry for the unconveniance!

My IP address changes while rebooting with different disks, what's wrong?

This concerns just the CryptoBox live-CD, not the server package. The only way to store information (e.g. the IP address) while using a read-only live-CD is to use the connected disks. (That's way you get a warning message "read-only setup found" if no disk is connected.) Now, after you changed some values (like IP) they'll be stored on the first available disk. If you afterwards boot with no disk connected, the CryptoBox will start with the default values. You can store different settings (e.g. for network) on different disks und use your CryptoBox that way in different environments.

How do I get access to my encrypted data without the CryptoBox?

The CryptoBox makes use of a standard encryption technique called "cryptsetup-luks", thus making it easy to use your disks in different places. The following list describes some ways we tested. Please add some more yourself!

  • Most uptodate Linux distributions support the installation of the "cryptsetup" package, which provides the needed encryption tools.
    • e.g.: Debian, Ubuntu, OpenSuSe, CentOS, ...
  • known working live-CDs:
    • Ubuntu 7.04 -- excellent support; plug in, give passphrase, use.. (our recommendation)
    • grml 0.9 -- use cryptsetup in a console
    • Sabayon Linux 3.2 mini edition -- use cryptsetup in a console
    • Plop 3.5.7 -- use cryptsetup in a console
  • not working live-CDs:
    • Knoppix v5.1.1
    • Puppy Linux 2.12
    • Damn Small Linux 3.1
  • Microsoft Windows Products
    • successfully tested with FreeOTFE in Win XP
    • should work on other Windows Versions even on PDAs, too
  • needs more tests
    • MacOS -- not tested yet

I have problems with containers using ntfs …

CryptoBox versions prior 0.4 had only read acces to ntfs containers. With version 0.4 it also supports write access, but there are still some limitations. For further questions regarding ntfs please read the NTFS-3g support page. Remember you still can't format a container as ntfs with the CryptoBox webfrontend. If you choose "windows" as filesystem type it will get formatted with vfat.

Some translations could be optimized.

You can comfortably make changes and add new languages in the translation center.
English is the basis for all CrypotNAS translations, that's why it is not so easy to correct errors - just mail us your hints.

What about "cold boot" attacks?

See a recent paper describing this type of attack. At present, there are other, easier ways adversaries with physical access to the machine could gain unwanted access, such as the use of JTAG. There are a few things you can do to protect yourself, however. Don't leave encrypted volumes mounted longer than necessary. If you want to make sure the contents of RAM are completely gone, power off the computer for 10 minutes. Many BIOSs have an option that looks like "Fast boot: ON|OFF". Turning this option "OFF" typically performs a what's known as a "destructive memory test" at startup; that is, the data in RAM is destroyed without harming the physical hardware.
If a government agency is about to break into your house, it could be safer to reboot with such a memory test enabled rather than simply pulling the power cord.

Go back to user documentation overview or to the CryptoBox Homepage. Legitimate work from home dissertation cheap research papers