I wish to lock the WD MY Book Live so that when it is powered down you would need to unlock it to acess the contents, so if stolen for example my photos are protected with encryption.
The MyBookLive does not have hardware encryption. You can first lock access to the device’s user interface by creating a password so only you can go into the device to make changes to the drives configuration. To protect content from access, you can create Private shares and copy your data into these shares. Then you assign user(s) that require password access to gain access to the content.
So if on a network, only those users who access the private share, they must provide a password that you provide.
So just to confirm the lack of hardware encryption means the data is stored straight on the drive but as this product only has a Ethernet port for access, using Private shares with the device’s user interface locked with a password you are telling me that no one could just plug my device into their own network (or directly to a pc) and get access to the files ?
the WD MyBook Live contains a normal 3,5" harddisk which can (theoretically) be connected to any computer. You don’t *need* to use the WD case and the network. So: no, not 100% secure.
BUT: the WD MyBook Live’s system runs Linux, which can do encryption easily. The system runs a modified version of Debian Lenny specifically adopted to the WD hardware, so you can easily implement encryption, probably using any instructions for Debian Lenny.
However, I don’t know what this will do to the drive’s performance (since the built-in CPU isn’t meant to do this kind of heavy lifting). I suspect the drive will become noticeably slower.
You’ll still be able to write to it at around 10MB/s with encryption enabled (guesswork based on scp transfer of files). So it’s far from unusable.
It isn’t easy to take the drive out and connect it to a computer, but it’s certainly possible. If you didn’t care about damaging the enclosure the process would be trivial. Likewise, if you locked it with a kensington and then gave it a sharp tug, the plastic case would shear and the thief could walk off with it anyway.
you’re welcome. I too would love to see WD enable encryption on the drive. And they might have reasons for not enabling it (import / export restrictions regarding crypto software?).
the Kensington lock doesn’t do you any good if somebody raids your house while you’re away.
and
Encryption doesn’t get you your data back if the device is stolen.
So:
if you want THEFT protection, use a Kensington lock, but don’t wait for encryption.
If you want DATA protection, use encryption - but then also take care not to travel to countries where they lock you up for failing to provide a password, like England. See also http://xkcd.com/538/
I can’t think of a sensible place to put the key if encrypting the volume. The device doesn’t have a usb port, so an encyption key on a usb stick of via a keyboard isn’t really an option. I think the only reasonable option is to stop it automounting the volume, and need to ssh in to enter an encryption key any time it’s rebooted.
This requires repartitioning the drive, which is no big deal, but probably also reflashing with a new kernel with encryption supported. That’s a bit more difficult.
Regarding the kensington, I am absolutely certain that I could pull the lock out of the chassis, breaking the chassis slightly in the process. There isn’t really any metal inside it, only a very thin pressed cover which would also shear, even if the lock passed through it, which it doesn’t. It’s a hole in a thin piece of plastic.
The lock itself would be fine, indeed you could reuse it afterwards once you picked the fragments of plastic out of the end.
I agree with jonj678, the kernel does not load any module (on the MBL) and it *seems* to have been compiled in such a way that it lacks the necessary features to enable disk encryption.
I made some tests file transfer, encrypted/decrypted on the fly by the device and I can confirm that it does not affect the transfer speed. I also monitored the cpu usage and I found the result to be more than satisfying.
So if someone is courageous enough to try and activate encryption, please, let me know. I am highly interested.
Actually, it appears that the kernel was still compiled with module support. So it *could* be possible to compile and add the necessary modules to enable drive partition encryption support.
I did compile openvpn on the drive, so I can tell that performances exceed expectations. So I think it would be the easiest way to proceed for someone willing to go through with it.
