Mobile WiFi NAS on Raspberry Pi with TrueCrypt
Mobile NAS sounds like an idea worth waiting for to run on my mini Raspberry Pi Model A. Unfortunately, it only took me a while, before abandoning it. I’ve waited since writing about Raspberry Pi USB problem, that is to finally cut the backfeeding power line from the el cheapo powered USB hub. There comes new problem afterward, my “big storage” ―a Seagate® Backup Plus Slim Portable Drive, shipped with no bulky power supply line― can’t be mounted. Silence soon follows rotating motor sound a while after plugging-in. I’ve tried both ext3 and NTFS (using ntfs-3g) without luck. Later, as benchmark whether it is USB power in question, I try to connect the same set of el cheapo USB hub plus external power to laptop, and it works, leaving me stranded with other issue (is it USB 3.0? 256MB of the Model A? Anything?). I must say that it isn’t completely not-working as the USB hub set can mount with USB to IDE converter and my old internal hard disk (noting that there shouldn’t be similar power issue this way). If only it weren’t for the AC power adapter and large size, this is Mobile NAS; beats me.
I then turn away to motor-less small storage, a 32 Gigs USB thumb drive so I can move on to other concern: on-the-fly encryption. Hence, I follow instructions to install True Crypt on Raspberry Pi. After unpacking of
TrueCrypt 7.1a Source.tar.gz in place, putting header files from
pkcs-11-cryptoki2.20, and then install
libfuse-dev, the following
make will require long time:
$ export PKCS11_INC=/usr/local/src/truecrypt/pkcs/ $ make NOGUI=1 WX_ROOT=/usr/src/wxWidgets wxbuild Configuring wxWidgets library... Building wxWidgets library... /usr/src/wxWidgets/src/common/string.cpp:84:39: warning: ‘wxEmptyString’ initialized and declared ‘extern’ [enabled by default]
$ make NOGUI=1 WX_ROOT=/usr/src/wxWidgets wxbuild Compiling Buffer.cpp Compiling Exception.cpp Compiling Event.cpp ... ../Crypto/Aeskey.c:527:25: warning: operation on ‘ss’ may be undefined [-Wsequence-point] ../Crypto/Aeskey.c:527:25: warning: operation on ‘ss’ may be undefined [-Wsequence-point] ../Crypto/Aeskey.c:527:25: warning: operation on ‘ss’ may be undefined [-Wsequence-point] ... Converting Language.xml Compiling Resources.cpp Linking truecrypt
I created the TrueCrypt volume separately via its desktop GUI with
ext3 file system to then mount it in Pi to a configured Samba share. As pointed out in a post, the following changes are added to
... wins support = yes ... [pitruecrypt] comment= Pi Truecrypt Volume path=<the mount path of the USB thumb drive TrueCrypt volume> browseable=Yes writeable=Yes only guest=no create mask=0777 directory mask=0777 public=no
and then user-password are entered via interactive command.
For mobility, I already had the Pi as WiFi access point using
hostapd (check these steps) and power bank, so it’s now matter of performance. In the case of
rsync, initial sync of some 1,500 items totaling in 1 Gig size elapses in approximately the same 12 minutes of time compared to one bulk file of the same size. Of course, over the next incremental sync, it only takes less than a minute for the thousand items to just update slight differences.
Back to security, there surely risk by opening Samba share to mounted TrueCrypt volume. But, for me it would be practically manageable (cross my finger). There is more concern to the fate of TrueCrypt after it is being closed in such a weird way, given that last audit finds nothing severe. Anyway, I found brute force tool, but no critical attack exists currently, unless e.g. it stays powered on and mounted, the person gain physical access. Beats me again.