8fingerlouie 5 days ago
The filename limit comes from ecryptfs (https://www.ecryptfs.org/) which is what Synology uses for encrypted shared folders. As for full disk encryption, you can select where to store the key, which may be on the NAS itself (rendering FDE more or less useless) or on a USB key or similar.
tecleandor 5 days ago
For full disk encryption you need DSM >= 7.2 and you can either store it locally (useless) or in a KMIP server. [0] As a KMIP server you use:
Except for the demo implementation that Synology uses (PyKMIP), all the KMIP-compatible servers I've found have licenses in the tens of thousands a year. So if anybody has any suggestions to substitute PyKMIP...
mtillman 5 days ago
My disk station uploaded 54 GB to Synology servers the other day before I had my router block outbound. Trash product.
aborsy 5 days ago
Why can’t the user enter the encryption passphrase in DSM, which is actually the default in LUKS and allowed in TrueNAS etc? The DSM itself lives in an unencrypted partition or volume. Applications with data in encrypted volumes will be inaccessible until the volumes are unlocked. As usual, there is an easy workaround. You can run a KMIP server in a Docker container and set up an external keystore. Once Synology allows you to proceed with volume encryption, you can discard the KMIP server if you want and use the recovery keys.