Upload True Crypt Files to Encrypted Cloud Storage

Here's one that requires your morning coffee:

What happens when you save a bunch of encrypted True Crypt files to cloud storage that itself encrypts and decrypts files as you upload and download them?

I know. You hate me already.

 

What do you think happens? It works just the same

 

I use AxCrypt for my dropbox files. Cloudfogger is supposed to be good too, but I haven't tried it.

TrueCrypt is an excellent program, but I don't like using its containers with cloud storage because if you change one file in a container, then the whole container has to be reuploaded to the cloud as opposed to just the changes.

 

The worse thing that could happen is for the cloud provider to keep a copy of your TrueCrypt container, and to decrypt it some time in the future when the computers are powerful enough to do it, or when a vulnerability in the encryption algorithm will be found.
It sounds like a joke, but it is something people should consider when storing even encrypted data in the cloud.

 

I really didn't post the question for the sake of humor. Please don't be misled by my avatar.

Your response, and please excuse me for lapsing back into my instructor persona here, reminds me of some very bright computer students I had who actually believed that you could make a file even smaller and smaller by repeatingly Winzipping it. Well, fact is the Winzip algorithm actually made that initial Winzip file larger and larger with each application. A pedestrian mistake, but one that's easy to make if one is cavalier.

If you think about it, my question is quite valid and involves the interaction of two potentially inharmonious algorithms.

Now that could be the "deal breaker". Thanks. I hadn't thought of that, cause I don't know too much about TC yet.

Another hesitation I have, and I believe most users and especially corporations are too cavalier about it, is the obvious fact that cloud storage can never be truly "secure". I know "the cloud" is the current rage. I also know my Mama didn't raise a fool.

And Nebulus, you addressed that quite nicely. Thank you.

Thanks all.

 

Simple software would look for any difference between the local and remote copies, and if the local file has been changed in any way, upload a full copy of the local file. So even if a small number of bytes changed in a large container file, the whole large container file would be uploaded. There are more advanced approaches though, which endeavor to zero in on the specific differences and generate a patch lets call it. The patch will contain only that file data and change metadata necessary to modify the remote file to become identical to the local file. These approaches can save a huge amount of bandwidth, but require more sophisticated client and server software.

One issue with TC container files is that they are usually of a fixed size and have a large amount of free space within them. Which would make at least the initial upload or download potentially very time consuming. You can create a dynamic or sparse file volume if you are willing to accept the consequences (docs explain this).

Edit: Note the warning that would be applicable to backing up container files themselves... http://www.truecrypt.org/docs/how-to-back-up-securely

 

Do the same, think about what I said and asked, the subsequent replies and do not jump/lapse to conclusions.

 

Follow Cudni's advice. You're coming across as one who acts like they don't know much, but seems to already have ready answers. And not just this thread.

Good luck!

 

1) I'm confused as to what that reply means.

2) Yes, I do know more than my avatar indicates, just not that much more.

3) No, I do not ask questions, the answers to which I already know.

4) What I do is lots of homework on my own, before and after I post a question.

5)

I thought that response was both mean-spirited and meaningless. It added nothing to the discussion.

6) And after posting my question, which I think was quite valid (either the harmony or disharmony of two different encryption algorithms), I still don't have a definitive answer.

7) Sometimes "I don't know" can be the most helpful answer.

The only conclusion I can reach is that trusting the cloud, with encrypted or unencrypted data is probably not a good idea. That's really all I have learned thus far.

I apologize if I have hurt anyone's feelings. That is never my intention. My intention is only to learn; and about TC I am probably the most ignorant person you could ever hope to encounter.

Regards,

IG

 

What is meant by "works the same" is that your file is encrypted and sent to the cloud.
When you request your file back, it is sent to you and decrypted such that it is the same as when it started.

If your file was not returned exactly as it started, it would be a problem whether or not you did extra encryption.

As for storing data in the cloud in general, you absolutely should encrypt everything yourself. A cloud system that uses its own encryption is obviously better but still not good enough. Once it is in the cloud, you have limited control of it. If you encrypt it first with encryption you trust, you regain full control. Assuming you choose a complex password of course.

 

with Dropbox (and maybe other services I am not aware about), it does not upload the whole container after any change, just the file you change.
This does not happen with Skydrive or Gdrive.

 

First of all, dogbite and chiraldude, thank you for bringing us all back on topic.

1)

That statement almost qualifies as a tautology. Of course, we all know that it's encrypted and then decrypted so it would be the same (hopefully).

The bigger question, however, is how the two encryption algorithms interact.

2)

A)

Yes, that's true with my cloud storage with "straight, unencrypted data". As I mentioned, I know nothing of TC - or how cloud storage would view TC data - either as a set (a container - which quite frankly I know nothing about) or as members of a set (individual files).

B) Right now the topic is moot for me. That comes from mulling over your comments, quite a bit of reading over the past few days and then my own introspection. Briefly, I've learned in life that if you entrust your money, for example, to someone else, you can assume you will never see it again - whether it be a bank, a loan to a friend, whatever. Same with cloud storage. I think that all these corporations who are jumping on the Cloud Storage Bandwagon are risking more than they could ever imagine.

I lived in China for awhile and know for an absolute fact that the China military holds annual competitions to see who can break into the most "secure" computers around the world. The winner of these "events" receives lots of perks and a promotion. No, I didn't just read that somewhere. I know it for a fact. I also know where they hold the competitions.

In conclusion, I want to thank all of you for your advice and direction. As you have experienced, I think out loud in these forums. I don't just ask a question or pose a problem - and then kick back and chill. I think to do so would be a complete insult to your intelligence and a waste of your time and knowledge.

I think it is my duty as a member to provide feedback, so that we can all learn. On one other forum recently, I was told to lose the Daffy Duck avatar and present myself in a more "honest" way, i.e. as someone who has a significant body of knowledge.

What the Daffy Duck avatar communicates is two things:

1) I do not take myself all that seriously, nor do I need my ego stroked.

Truth be known, I do not tell people too much about who I am or what I have done in my life. Only insecure people do that. More importantly, I find that talking about myself only leads to smugness and complacency on my part.

2) Most of my life has been spent ascending a learning curve. Put another way, I have always been thrown into deep water and had to learn how to swim. I like that. I like feeling inferior and frustrated by a need to "catch up".

Honest statement and conclusion:

1) Encryption is an extremely complex area. As one of my associates at Caltech reminded me, there is no such thing as a random number generator. Why? Because all random number generators use an algorithm and an algorithm has a pattern. Dr. Polidori went on to say that the only truly random numbers would probably come from star noise.

2) In this field I really am Daffy Duck. Hell, I don't even know turn-key software like TrueCrypt. That's pretty darned ignorant, wouldn't you say?