What program would you use to encrypt your data before uploading it to the cloud?

Discussion in 'privacy technology' started by Dchz92, Jun 3, 2013.

Thread Status:
Not open for further replies.
  1. Dchz92

    Dchz92 Registered Member

    Joined:
    Jun 2, 2013
    Posts:
    16
    I am using Truecrypt, and have been clouding my data by creating truecrypt containers and uploading them.

    It is a little inconvenient to be creating new containers each time I upload new data, and I realize there has to be better ways that are just as secure. I am thinking of using a program such as Axcrypt to encrypt my data before sending it to the cloud.

    Is Axcrypt encryption security comparable to Truecrypt? Or are there far better alternatives? How would you encrypt your data before clouding it?

    Thanks in advance
     
  2. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    Just curious. Why do you have to create new containers? I regularly upload TC containers, but I just upload the same that I am already using.

    The problem for me is that it's necessary to upload the whole container even if only one file has changed.
     
  3. Dchz92

    Dchz92 Registered Member

    Joined:
    Jun 2, 2013
    Posts:
    16
    I always have to create new containers whenever I update my backups because the updates won't fit in the original containers.
     
  4. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Some use Cloudfogger, which is specifically designed for encrypting the cloud stuff.

    It's very easy and comfy to use, however not open source.
     
  5. Dchz92

    Dchz92 Registered Member

    Joined:
    Jun 2, 2013
    Posts:
    16
    Dogbite

    Thank you for your reply, I have read about this program somewhere and the drawback was that sometimes (if you are not careful) you can accidentally cloud unencrypted data or something like that.

    That is why I am looking for a file encryption program like Axcrypt where I have more control, but I am not sure which one is as similarly secure as Truecrypt.
     
  6. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    I understand completely where you're coming from, and I'm with you on the having to replace old volumes with larger ones. The answer is (as with pretty much everything else): it depends.

    The main thing is, what are your purposes, and what are you personally willing to put up with. What is your balance?

    If you're simply looking to have offsite storage for files that won't change, then you shouldn't have a problem with TC volumes. But if you're trying to dynamically and constantly back up an entire folder structure that is always changing, then it's a bit more difficult.

    My question is, what exactly are you trying to do? There are really too many variables to offer a one-size-fits-all solution. Do you have constantly changing files and folders that you are looking to have easy access to, on the go? Or are you just looking for a secure way to backup important files to cloud storage in the (hopefully unlikely) event that your local hard drives fail?

    What is the size of the overall dataset you're looking to back up? And what is the typical file size? And how quickly does the data set grow?

    These are all pretty important details. I have a few different schemes that are recommended, depending on what exactly you're looking to do.
     
  7. justpeace

    justpeace Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    48
    Location:
    127.0.0.1
    7ZIP is good enough for my needs. You can compress an entire folder into a 7Z archive with AES from the command line or a context menu.
     
    Last edited: Jun 4, 2013
  8. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    572
    Location:
    Bosnia
    I'm using 7Zip.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I use two cloud backup services, Crashplan and Jungledisk. Both use separate passwords/encryption keys and they encrypt the data before it leaves my pc to their storage servers.

    Both utilize the ability to set separate keys for the data, so even I can't use the restore functions without the key, and they can't help recover the key if I forget it, so their employees have no access to the data.

    Pete
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I don't use cloud storage at all, but if I would use it, it would be for medium/long term storage/backup. That means that I will rarely access the data, so I would place my files inside TrueCrypt containers and then store them in the cloud. This is not very convenient if you want to access your files frequently, but for long term storage, it is perfect.

    As a side note, I would never trust any cloud provider with the security/privacy of my data.
     
  11. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    An easy way is go to Truecrypt settings, uncheck

    "Preserve modification timestamp of file containers"

    This is why your data never uploads when you change the content in your Truecrypt container. It is not a security feature unless you don't want the container to tell when it was last accessed/modified, which would be basically null in this case anyway because you're using cloud storage.

    You can create your container right inside your Dropbox folder; it will upload during creation, which cuts time down because it's uploading as it's being created. When you mount your TC container it is only mounted on your machine; your Dropbox will not upload the modified encrypted content until it detects the change after you close the container and TC writes the modification timestamp. Then only the modified contents you added will be uploaded; no need to re-upload your entire container, just the modified parts upload on their own after you close your container.

    Not many cloud storage providers allow files over 250mb for free. Dropbox offers 2GB; idrivesync offers 10GB for free without file size restrictions. idrivesync also lets you use your own private encryption key during sign up. This way you're the only one with access to it, because you're the only one with the key! The only downfall of idrivesync is NO easy support for Linux yet.
     
    Last edited: Jun 4, 2013
  12. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Depending on your threat model, you could use a compression application like 7Z or Winzip Secure (but risk possible temp files on your source drive) or stick with TC. I would also consider your own cloud storage on your own domain as opposed to the cloud storage providers for the masses. You also have to consider whether privacy (as well as security) is important.
     
  13. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    With something like Dropbox that has sync capability, this works. That's one of the setups I would recommend depending on one's personal situation...

    I don't know what providers you know of, but a 250MB file size limit is not common, even with free accounts...

    Even the big 3 are well beyond that:

    Google Drive: 15 GB space (free), 10 GB file size limit
    Microsoft SkyDrive: 7 GB space (free), 2 GB file size limit
    Amazon Cloud Drive: 5 GB space (free), 2 GB file size limit (and Amazon S3 offers the same 5GB free space, and a 5 TB file size limit..which, let's face it, isn't really a limit)

    And then there's others that knock that out of the park:

    Mega: 50 GB space (free), unlimited file size
    ADrive: 50 GB space (free), 16 GB size limit
    Bitcasa: 10 GB space (free), unlimited file size
    FileChum: 20 GB space (free), 20 GB size limit
    Crashplan: Unlimited space (paid), unlimited file size

    Even Dropbox can get up to 18.75 GB free space (with referrals) and unlimited file size if you use the client app.

    https://en.wikipedia.org/wiki/Comparison_of_online_backup_services

    https://en.wikipedia.org/wiki/Comparison_of_file_hosting_services

    Other services offer this as well, but there's still always concerns...

    1a) Without analyzing the guts of the operation, you can't really be sure of that.

    1b) Even if the encryption is there at one point in time, the provider could "at any time modify the script loaded by the browser to send the key used for the encryption to a web server. This is a basic problem in all situations where the key-handling program comes from an untrusted source." [link below]

    2) Even if you trust the provider as being honest (e.g. Mega, who has a strong interest in having plausible deniability of its users uploaded content), again, without analyzing the guts, you can't be sure they are competent (i.e. that they haven't implemented the encryption scheme in a poor manner). Indeed, one of the first analyses of the service revealed beginner's mistakes in the usage of crypto functions.

    3) Encryption doesn't offer full protection if the service utilizes a de-duplication scheme (which quite a few do). As mentioned in the above link, if it were determined that a specific user uploaded a file with criminal relevance, a provider who utilizes such a setup would be able to determine if any other user also has a copy of the problematic file. What's more, it would also be possible to deliberately create such a situation in order to search for specific content.

    So client-side encryption implemented by the provider is only any good if you:

    a) trust the provider isn't lying

    b) trust the provider implemented the encryption scheme properly and securely

    c) trust the provider won't flip the script on you (literally) and grab your key (e.g. at the request of government authorities, perhaps?)

    If your data is really that sensitive, you're really better off encrypting it yourself.
     
  14. Dchz92

    Dchz92 Registered Member

    Joined:
    Jun 2, 2013
    Posts:
    16
    Thank you everyone for all your replies and suggestions, a lot of great feedback and I will be looking into them all.

    This is very interesting... Okay, I am using a large truecrypt container to update my project files daily and it's over 10GB, so this probably won't work for 10GB?

    However, I am only actually using less than 100mb of my files (txt, doc's) and most of the rest are archives for reference purposes.

    If I create a smaller 100mb container, I would have this container mounted most of the time and so I would have to manually dismount it- and it should automatically sync to dropbox, encrypted?

    Would this work?
     
    Last edited: Jun 5, 2013
  15. Dchz92

    Dchz92 Registered Member

    Joined:
    Jun 2, 2013
    Posts:
    16
    Hi JackmanG,

    I am glad you understand where I'm coming from and as secure as my setup is, I'd like to make it more efficient and retain similar security levels.

    To answer your question, what I'm trying to do is long term backup so I don't need daily access to my uploaded files.

    I wrote another thread that explains exactly how I am backing up my files here:
    https://www.wilderssecurity.com/showthread.php?t=348106

    The size of my overall data set?
    They range from 4GB to 7GB files. My project notes are constantly updated everyday and the main file that contains everything is roughly 2GB although I create a smaller 100mb encrypted container for all my daily updates so it quickly uploads.

    My large 4-7GB containers are updated every 3-6 months. For example I will be downloading new software every week or so and at 3 months I want to backup the new software, etc.

    Another thing is I manually hash check and create MD5's (using a program called md5checker) for each program to make sure my files aren't corrupted AND also aren't infected from viruses (hasn't happened since I started using LUA/Surun/SRP)- so manually creating MD5's for my software and all other data also takes up a lot of time.

    Also I will then WinZip my data before putting them into truecrypt containers, and I will then create an MD5 for the containers, then use WinZip to split container into smaller parts to upload easier. I also create Md5's for all these smaller parts.

    I will upload to my cloud services (multiple services), and then download them all and do a hash check to make sure they have uploaded correctly.

    Sorry for long post, but as you can see I manually do a lot of things and a lot of it might be unnecessary so I am looking for ways to 1) eliminate unnecessary steps and 2) streamline and automate this process without compromising my security.

    So with that being said, what would you suggest I do to improve my setup?

    Anyone with any ideas can also chime in with ideas and suggestions if you'd like. Thanks
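
Added example (not part of any poster's message, and not code from any tool named in the thread): the hash, upload, download and re-check routine described in the post above can be scripted as a manifest that is built before upload and checked after download. It uses SHA-256 by default and accepts "md5" to match existing MD5 lists; the part names and folder layout are constructed for the demo.

```python
"""Build a hash manifest before upload and verify a downloaded copy against it."""
import hashlib
import json
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so multi-GB containers never sit in RAM


def hash_file(path, algorithm="sha256"):
    """Stream a file through the chosen hash and return the hex digest."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(folder, algorithm="sha256"):
    """Hash every file under `folder`, keyed by its path relative to the folder."""
    entries = {}
    for root, _dirs, files in os.walk(folder):
        for name in sorted(files):
            full = os.path.join(root, name)
            rel = os.path.relpath(full, folder).replace(os.sep, "/")
            entries[rel] = {
                "size": os.path.getsize(full),
                "digest": hash_file(full, algorithm),
            }
    return {"algorithm": algorithm, "files": entries}


def save_manifest(manifest, path):
    """Write the manifest as JSON; keep it outside the folder it describes."""
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, "r", encoding="utf-8") as handle:
        return json.load(handle)


def verify_folder(folder, manifest):
    """Return which files match, differ, are missing, or were not in the manifest."""
    current = build_manifest(folder, manifest["algorithm"])["files"]
    expected = manifest["files"]
    report = {"ok": [], "mismatch": [], "missing": [], "unexpected": []}
    for rel, meta in expected.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel]["digest"] != meta["digest"]:
            report["mismatch"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = list(set(current) - set(expected))
    for key in report:
        report[key].sort()
    return report


def demo():
    """Constructed sample: three container parts, then a damaged 'download'."""
    with tempfile.TemporaryDirectory() as work:
        upload = os.path.join(work, "upload")
        download = os.path.join(work, "download")
        os.makedirs(upload)
        os.makedirs(download)
        parts = {
            "backup.tc.001": b"A" * 4096,
            "backup.tc.002": b"B" * 4096,
            "backup.tc.003": b"C" * 100,
        }
        for name, data in parts.items():
            with open(os.path.join(upload, name), "wb") as handle:
                handle.write(data)
        manifest_path = os.path.join(work, "manifest.json")
        save_manifest(build_manifest(upload), manifest_path)

        # Simulated round trip: part 1 intact, part 2 with one changed byte,
        # part 3 never arrived.
        with open(os.path.join(download, "backup.tc.001"), "wb") as handle:
            handle.write(parts["backup.tc.001"])
        with open(os.path.join(download, "backup.tc.002"), "wb") as handle:
            handle.write(b"X" + parts["backup.tc.002"][1:])
        return verify_folder(download, load_manifest(manifest_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keeping the manifest file with the local originals rather than next to the uploaded parts means a damaged or altered cloud copy cannot also carry a matching manifest.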
     
  16. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    What I meant by "overall data set" was really "what is the total size of everything you want to backup"...as in, if you had a single folder, and put every single file in it...how big would that folder be?

    Basically this gives us an idea of how much storage space you need.

    But yeah I think there's a lot you can do to make this easier.

    1) Get rid of WinZip and start using 7-Zip instead. It's Open Source, and better in pretty much every way. It allows for packing/un-packing in the normal .zip format, as well as several other formats, including GZip, tar, and others. And it will also unpack more than a dozen other archive formats (including RAR), and another dozen or so disk image formats.

    But the real beauty is in its 7z format and compression algorithms. This guy is a coding genius and the compression ratio you get is insane. (Obviously it varies depending on the type of file you're compressing, but just check out the comparisons.) (Even if for some reason you're forced to use the ZIP format (e.g. you're sending a file to someone who can't download 7-Zip), it'll compress to ZIP format 2-10% better than most of other zip compatible programs, like WinZip.)

    It also supports AES-256 encryption.


    2) Depending on your personal security balance, there are various methods you can use to be backing up...obviously the tradeoff being security vs. convenience/ease of use.

    For example, applications like Cloudfogger and BoxCryptor will integrate with your cloud service and encrypt individual files instead of entire volumes or containers. And while they are integrated with the file-system in different ways, they basically are designed as a way to streamline the whole process of encrypting your cloud data. They offer OTFE so that you can easily view the files as they are presented to you. All-in-all, these kinds of services make the process more seamless.

    Obviously the main drawback is, you leave quite a bit of room for security leaks. First and foremost, you're trusting a 3rd party to not only be white hat, but also to implement the encryption properly. You leave a decent amount of room for fatal errors (both on the provider side and the user side) the more automated you get. All it takes is one user/vendor error to break the whole scheme.


    3) After you decide on the encryption scheme, your next step is to determine the cloud service. It sounds like you're really just looking to back up specific things, as opposed to your entire hard drive(s), and most of the files are long term storage that won't change often. So I think you can manage with free services...


    Here's the basic setup I would use:

    This may need to be tweaked a bit, as I of course still don't know all the specific details, but I think this will accomplish what you're looking for.

    a) I would create at least two different accounts...one with a sync client like Dropbox, and one with high-capacity, non-expiration storage, like Mega.

    You'll use the sync storage for your everyday files, and the high capacity for your large, long term backups.

    Actually, IDriveSync looks pretty good for the syncing. You start with 10GB as opposed to Dropbox's 2GB, and you can bump that up to 18GB through referrals, but at 1GB per referral as opposed to Dropbox's 500MB/referral. (What I can't seem to figure out is what the functionality differences are between IDriveSync, and IDrive.)

    Aside from the storage space advantages, IDriveSync also offers the private key encryption. As I outlined in the post above, this isn't exactly a foolproof protection, but Pro Softnet seems like a reputable company, and it can't hurt. It's basically just another nice layer of protection that you don't have to do anything extra to implement. And in the unlikely event it's compromised, worst case is you're relying on your own encryption, which is what you're doing anyway by electing to do it yourself in the first place.


    b) I would consider using one or a few dynamic TrueCrypt volumes inside your sync folder. With a dynamic volume, physical size (actual disk space used) grows as new data is added to it. This makes it easier to keep adding new files without having to upload a huge container file in a single sync.

    So you would basically set the container max size as the size of your online storage space (or a decent percentage of it), and then it would only actually take up disk space equal to the size of the files in it.

    The drawback is: "performance of dynamic (sparse-file-hosted) TrueCrypt volumes is significantly worse than performance of regular volumes", and furthermore, if data is written to a dynamic volume when there is not enough free space in its host file system, the encrypted file system may get corrupted. TC also mentions a potential security issue, in that because it is possible to tell which volume sectors are unused, you lose a bit of security in the "obscurity" and "plausible deniability" sense.

    So you might choose to just do a regular TC volume instead. Here, the tradeoff is IDriveSync might not update the container when you make the changes. It depends on how the system determines changes. For example, Dropbox uses the hash value of volume files, not the modified date, to check against the stored files. If the hash changes, Dropbox stores the latest copy of the volume file. But SkyDrive monitors the modified date - not a hash value - so under default settings, TrueCrypt volumes are not updated in the cloud by SkyDrive after their content changes on the client-side. You'll have to test IDriveSync to see how it determines to update.

    If it turns out to use the modified date as the update factor, you'll just simply need to adjust your preferences in TrueCrypt. (But of course, you lose a bit of obscurity that way. Not really a big deal, but if you're uber paranoid, it's something that might matter to you.)


    c) As you work with your everyday files, to back them up you'll just need to follow a slightly different process than you normally would with a cloud sync. See here.

    I wouldn't worry about compressing everyday files. You're really just creating more work for yourself with very little benefit. There's almost no chance the time it takes to constantly compress/decompress the files everyday, and having to keep track of all your archive containers and which files are where and which have changed, etc., is actually worth anything you gain from it. I doubt you're running out of storage space, and if you are, just create a new account and get 10 more Gigabytes.

    I think you'll find that being able to simply work on your files, and save your changes, and have them updated in the cloud will be so much less cumbersome.


    d) As for your larger, less-accessed files, we move to your larger storage account. In a post above, I listed several services that work well for this kind of storage. Mega seems to be the overall best, as you get 50GB, and the file size is only limited by your browser capability. Plus, they also use the client side encryption, and given the history of Kim Dotcom, I tend to trust they'll do what they can to keep your data private...if for no other reason than to cover their own ass.

    So here again, you get a decent amount of extra security without having to do anything.

    What I would do is compress your files in a 7z archive. You can even slap a password on it and encrypt it with AES-256. This is quite secure. But if you really want to go the extra mile, you might go ahead and create some TrueCrypt volumes, and place the encrypted 7z files in there, then upload the TC containers. (You might even elect to use a different algorithm like Serpent or Twofish, just to shake things up a bit, since the 7z will be encrypted with AES.)

    Even though there's no limit on file size, personally I would try to keep the containers around 2GB in size, if for no other reason than ease/speed of download/upload in the event you need to recover a specific file. But if you have a LOT of data, it can get a bit taxing to have to create all those containers. (Although, as this is long term storage, you'll only have to do it once, and you are cutting yourself a break by compressing everything beforehand.)


    e) When you're ready to put more stuff in storage, just create some new 7z archives, and a TC container or two, and go through the same process.

    If you want to update previously uploaded containers...there's really no easy way to do that. It would be a matter of recreating them with the new material and uploading the new container while deleting the original. Hopefully since this is long-term storage, you won't be looking to update containers, but rather simply add more.


    So that's basically it:

    Use a sync account with a TrueCrypt volume inside the sync folder for your everyday files, and use 7z archives (inside optional TC containers) uploaded to a larger storage service for your larger/long-term files.

    To use 7-zip, you simply highlight all the files you want to add to the archive, right-click, and under the 7-zip menu select "add to archive".

    Set the preferences:

    Archive format: 7z
    Compression level: Ultra
    Compression method: LZMA2
    (and defaults for everything else)
    As many CPU threads as you can.

    And you can add a password to enable the encryption, and even tick the box to encrypt the file names as well, if you want. (If you leave it unchecked, you'll be able to look inside the archive and view all the folder and file names, and it won't prompt for the password until you try to extract them. If you select to encrypt them, you are prompted for the password immediately before you can see anything.)

    To work with your archives in a GUI, select the 7zFM.exe (7-Zip File Manager) as the default application for the file types.


    Extras:

    Another aspect you might add is keeping up with all those passwords through an encrypted password manager like Password Safe or LastPass. Personally I find Schneier/Shapiro's Password Safe perfect for this. It's a really great little tool.

    Something like LastPass is obviously meant more for login credentials of online accounts. Even with the offline viewer, I think it would be a bit cumbersome to use. Of course, KeePass is the more popular desktop password manager (it's currently the 5th most popular project in the Security & Utilities section on SourceForge). But I just like the feel of PasswordSafe better. I was originally drawn to it because of its origins with Schneier, but it also seems to be the lighter, more straightforward of the two. It was obviously the inspiration for KeePass, and although it looks like the guys there have implemented some extra bells and whistles, it seems they've also added some road humps...

    One major snafu in my opinion is the requirement of .NET Framework. This is a pretty considerable limitation for such a small, seemingly portable utility. And Password Safe proves it's unnecessary. Another drawback of KeePass is that it auto-updates...something that is also highly unnecessary in my opinion for this kind of tool, and just really gives a bad taste in my mouth. One commenter expressed the same sentiment here. And maybe I'm just used to the PwSafe interface, but as similar as the two are, KeePass just looks too busy to me.

    Anyway, in every password manager there's a section for notes to go along with each entry. What I would do is install CopyFilenames, and as you create a 7z archive, or put files in a TC container, while all the files are still highlighted, copy the names and paste them in the notes section of the Password Safe entry for the container you are storing them in. This way, you have an easy way to look up which files are stored where.

    And of course, with the password manager, you can easily generate secure passwords for all your volumes, and keep them securely stored within an encrypted database which you can unlock using a single master passphrase you remember.

    (For info on secure passphrases, be sure to see here.)


    TrueCrypt

    When the keys are being generated, be sure to move the mouse pointer around inside the window randomly for at least 30 seconds. (For the extremely paranoid, I've heard as long as 60 seconds.)

    All the encryption and hash algorithms are good. Most people would recommend AES for the cipher and SHA-512 for the hash.

    Also be sure you're using the latest version (7.1a).


    If you check hashes often, HashTab is definitely the way to go. (Of course if you have a bunch to check at once, scripting a batch load is really the most efficient, but you might need to consult someone for help with that).


    Personally I think this is a bit overkill, but if you insist on doing this, at least use a download manager that will accelerate the process, like Free Download Manager or Internet Download Manager.
     
    Last edited: Jun 5, 2013
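
Added example (not part of any poster's message): the difference between modified-date and hash-based change detection discussed in the post above, and the TrueCrypt "Preserve modification timestamp of file containers" setting mentioned earlier in the thread, shown on a constructed container file. The block size, file name and helper names are assumptions for the demo, not any sync client's actual behaviour.

```python
"""Compare metadata-based and hash-based change detection on a container file."""
import hashlib
import os
import tempfile

BLOCK_SIZE = 4096  # demo value; the block size a real sync client uses is not assumed


def snapshot(path, block_size=BLOCK_SIZE):
    """Record what a sync client could look at: size, mtime and per-block hashes."""
    info = os.stat(path)
    blocks = []
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(block_size), b""):
            blocks.append(hashlib.sha256(block).hexdigest())
    return {"size": info.st_size, "mtime_ns": info.st_mtime_ns, "blocks": blocks}


def changed_by_metadata(old, new):
    """Modified-date style check: only size and timestamp are compared."""
    return old["size"] != new["size"] or old["mtime_ns"] != new["mtime_ns"]


def changed_blocks(old, new):
    """Hash style check: indexes of blocks whose content differs or was added/removed."""
    longest = max(len(old["blocks"]), len(new["blocks"]))
    changed = []
    for index in range(longest):
        before = old["blocks"][index] if index < len(old["blocks"]) else None
        after = new["blocks"][index] if index < len(new["blocks"]) else None
        if before != after:
            changed.append(index)
    return changed


def write_in_place(path, offset, data, keep_timestamp):
    """Overwrite bytes inside the file, as a mounted volume does to its container."""
    info = os.stat(path)
    with open(path, "r+b") as handle:
        handle.seek(offset)
        handle.write(data)
    if keep_timestamp:
        # Mimics the "preserve modification timestamp" behaviour: put the old times back.
        os.utime(path, ns=(info.st_atime_ns, info.st_mtime_ns))
    else:
        # Stand-in for the later dismount time; set explicitly so the demo is deterministic.
        os.utime(path, ns=(info.st_atime_ns, info.st_mtime_ns + 1_000_000_000))


def demo():
    """Constructed stand-in for an encrypted container: 8 blocks of distinct bytes."""
    with tempfile.TemporaryDirectory() as work:
        path = os.path.join(work, "volume.tc")
        with open(path, "wb") as handle:
            for index in range(8):
                handle.write(bytes([index]) * BLOCK_SIZE)
        results = {}
        for label, keep in (("timestamp_preserved", True), ("timestamp_updated", False)):
            before = snapshot(path)
            write_in_place(path, 5 * BLOCK_SIZE + 100, label.encode(), keep)
            after = snapshot(path)
            results[label] = {
                "metadata_sees_change": changed_by_metadata(before, after),
                "changed_blocks": changed_blocks(before, after),
            }
        return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Running a check like this against a test container before and after a dismount is one way to find out which kind of detection a given sync folder needs, without relying on the provider's documentation.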
  17. Dchz92

    Dchz92 Registered Member

    Joined:
    Jun 2, 2013
    Posts:
    16
    Jackman,

    Thank you for your long, detailed informative answer. There are a lot of useful tips and tools I will be looking into and integrate into my backup scheme. Thank you for all your effort and help :thumb:

    Just a quick question I've always wondered about the random movement creating truecrypt containers.

    How important is this? Would doing it for only 5 seconds or 1 second make a Truecrypt container significantly less secure?

    Or are we going back to, it will take 49 years to crack instead of 50 years? Or would it compromise it significantly? Like 1 year to crack vs 50 years.

    I've noticed that Axcrypt and many other encryption software don't use this protection, so this is more likely an "optional" security measure, to an already very very secure Truecrypt container?
     
  18. Dchz92

    Dchz92 Registered Member

    Joined:
    Jun 2, 2013
    Posts:
    16
    Just some updates on my end, for anyone who is interested:

    Recently I have found this program called "Cloudberry Explorer" and Cloudberry Backup,

    which seem to have a lot of useful automation and streamlining tools for backup and they also offer encryption so I don't know how secure their encryption is.

    Their pro version seems to have the most features but the downside is it's $40

    http://www.cloudberrylab.com/amazon-s3-explorer-pro-cloudfront-IAM.aspx

    What are your guy's thoughts?
     
  19. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    There's really no practical way to mathematically measure it, but basically what you're doing is ensuring truly random numbers for the encryption keys.

    Random numbers are used everywhere in cryptography, and problems arise when it turns out they aren't really random. Schneier notes here: "Back when the NSA was routinely weakening commercial cryptography, their favorite technique was reducing the entropy of the random number generator."

    For more info on this, see here.

    TrueCrypt documentation recommends 30 seconds.


    My guys don't really have any thoughts on it, but personally I like to keep a little more control. Like I was saying above in section #2, there are many services that streamline the process of encrypting and backing up your data. But as I've been saying, it really all comes down to how much you trust the company behind it...

    Using closed-source services to handle encryption requires quite a bit of trust, and so it really depends on just how sensitive your data is, and how much of a threat you perceive. Basically the same rules apply here as with the client-side encryption we were talking about earlier...You have to:

    a) trust the provider isn't lying

    b) trust the provider implemented the encryption scheme properly and securely

    c) trust the provider won't flip the script on you (literally) and grab your key (e.g. at the request of government authorities, perhaps?)

    Again, it all comes down to who you're looking to protect your data from. If you're just worried about local attackers, meaning you simply don't want people who might have access to your computer to see your files, then sure, pretty much any typical encryption program will do. But if your data is something you'd rather no one but you and those you authorize to access, you're really better off encrypting it yourself.
     
  20. anniew

    anniew Registered Member

    Joined:
    Mar 15, 2013
    Posts:
    92
    Thanks for your excellent post.

    One question, but background first...we (as likely many others here) have a large collection of photos (better than 1TB) - both JPEG and RAW formats. Our plan is to put them into long term off-site storage via the cloud. Having said that, we like your idea of two layer encryption provided with 7Zip and TC.

    Question: Does the "uncompression" of a JPEG or RAW file fully reconstitute the file, or are there "artifacts" that could end up missing? (Using 7Zip or any other zip tool with encryption).

    While JPEG is already compressed, it seems that after running it through a zip compression process the quality of the image is reduced on extraction. Not sure if this is just fear, rumor or fact. Google searching has not been very productive in finding an answer, and the SW makers' claims, as we know, can be flawed or overly nuanced.

    RAW files seem to fare better (extraction quality and compression ratio), but again, cannot find trusted sources to be conclusive to our liking, perhaps because of camera mfr specific issues (we are concerned with Canon RAW for this post).

    Perhaps some Wilders readers know of some links we could review.

    Thanks.
     
  21. x942

    x942 Guest

    I used to use spideroak with truecrypt. They claim to encrypt everything before it hits their servers with the key never leaving your computer. It's well documented but I still do my own encryption to be safe.

    Also I use Google drive now with truecrypt. I am working to design my own cloud service that encrypts everything before putting it online. It would be for personal use but I will probably put the source on github in case anyone wants to run their own server. I have no interest in getting into that business anyways, it's too crowded now.
     
  22. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Whatever you use, I'd use it with a keyfile in addition to password, and of course keep the keyfile out of the cloud. My preference is a short password that's quick to type with one hand combined with a keyfile, or long random passwords that Keepass or similar password manager can type for you at a press of a hotkey, otherwise encryption is too inconvenient for everyday usage.

    For sensitive files in dropbox I use AxCrypt. I don't encrypt everything at the moment because it makes the files harder to share, especially since I also want them accessible on my Android devices, however, I've thought about switching to BoxCryptor or Cloudfogger (which are supposed to work on all major platforms).
     
  23. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    Truecrypt.
     
  24. doveman

    doveman Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    119
    I recall reading that with Truecrypt, when backing up you should create a new container to copy the files from the first container into, rather than just copying the original container to a different location, as having copies of the same container but with different contents, as would be the case with a backup you made two days ago compared to the original container which you've since changed / deleted some files in, can assist with cryptanalysis and cracking your code.

    So with that in mind, I'm not sure it's even advisable to upload a Truecrypt container to Dropbox or whatever, as if they're keeping copies of your container as it was on previous days, then this could help someone crack into it.

    Using CryptSync http://stefanstools.sourceforge.net/CryptSync.html, which encrypts the files on your local Dropbox folder with 7-Zip, might be safer or it might introduce its own security problems (obviously as you change files, they'll also get re-encrypted and uploaded, potentially providing the Cloud storage provider with multiple versions of the same file, which as with the TrueCrypt container, might assist with cryptanalysis). I don't really see the sense in using a Sync service for backups anyway, as it means if I accidentally delete a file (or the whole folder) from my HDD it gets wiped from the Cloud as well!
     
  25. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Sorry for the long delay in response...I didn't notice this reply, and wasn't around the forum.

    No, those types of compression (7z, ZIP, etc.) are lossless. You have nothing to worry about in that respect. However, as JPG and PNG are already compressed, the ratio you'll get will probably be negligible...as in, probably less than 1-2% reduction. (And that's assuming it doesn't increase the size.) So it's probably not worth your time/effort.

    If extra security is all you're after, just use another TC volume instead.

    I've never heard of anything like this, and while I haven't really paid close attention, it shouldn't be the case.

    But if you're really worried about it, that would be one more reason to skip the compression. Again, with JPG or PNG, you're really not going to gain much at all in the way of saved space anyway.

    Yeah, since RAW is uncompressed, you'll obviously see a better ratio. So that might actually be worth it. And PNG and ZIP/7z, etc. are lossless compression, so you have nothing to worry about in terms of quality deterioration when using those.
     
    Last edited: Aug 12, 2013