In my never ending quest to get organized, I’ve been forced to explore the world of encryption. I set up Dropbox to use as my primary drive for all my digital document filing. Because my Dropbox files are replicated to all my machines at home and work this has caused a security problem at work. We’re not allowed to store sensitive data on our local drives, and my own files will set off their security scanner. So I’m being forced to encrypt my own documents. Normally Dropbox encrypts your files for transfer over the net and at their storage site, and I’ve considered that good enough security. However, I started thinking what would happen if someone came into my office when I just had stepped out. Before Windows times out and locks my machine, people could see my home files in Dropbox, so I felt it was the time to study encryption programs.
We’re being forced to use TrueCrypt and BitLocker at work, so I was having to learn about this topic anyway. It’s a scary subject because if you’re not careful you’ll lock all your critical files into an encrypted volume and you won’t be able to open it again.
At first I thought I just set up a TrueCrypt volume inside of Dropbox, but I read there were some issues with that. Dropbox sees TrueCrypt as a single file, so if you have a gigabyte of data locked down, that’s a lot for Dropbox to handle over the internet. Doing some Google research I discovered BoxCryptor. BoxCryptor encrypts file by file, so the overhead for Dropbox is much lighter.
BoxCryptor is free for personal use as long as you only create one virtual drive. BoxCryptor creates virtual drives. Save something to its drives and it’s automatically encrypted. It works with Dropbox, SkyDrive and other cloud drive services, as well as regular drives. After you install BoxCryptor you mount the drive and use this access point to see the files unencrypted. If you don’t mount the drive and browse to the BoxCryptor folder within Dropbox you’ll see your files, but they won’t open. And evidently, with the free version, you’ll see the filenames unencrypted, they just won’t open. It appears if you buy the full version ($44.99), it will encrypt the filenames too, if you want.
Encrypting your files can be dangerous. If you forget your password, kiss those precious documents goodbye. Unless you’re a master NSA hacker, you’ll have no chance of ever opening them again. Also, there’s a file listing in your BoxCryptor folder called .encfs6.xml. Delete it and access to your files are long gone too. Wow-wee – just thinking about all this makes me nervous.
Using encryption is not for the unfocused mind or scatterbrain user.
Here’s the thing. We’re moving into an age where all our personal information is digital. It’s our responsibility to back up our digital life. Dropbox is a good way to do that, but Dropbox stores your files in the Cloud. If you’re paranoid about who can see your files you’ll need to think about encryption.
Encryption takes extra work, extra precautions and can be a very risky endeavor if you’re careless.
Some people encrypt files because they worry that Cloud storage sites might peak at the good bits in their private files. Other people encrypt their documents because they’re afraid their computers will be stolen and bad guys will steal their identity. Still other people encrypt files because they don’t want people at home or at the office to mess with their stuff. Criminals encrypt files because they don’t want the police or FBI use them as evidence. There are many reasons to encrypt files. You have to decide if its worth the effort.
When you encrypted a folder with BoxCryptor or TrueCrypt you’ll have to create a strong password that you must not forget, and you’ll be required to save a configuration key file that you should backup carefully. If something happens to your machine and you want to recover your files from a backup to a new machine, you’ll need that configuration key file.
If you encrypt your life its very important how you handle the password and configuration key. If your documents are very important you might want to put your passwords and keys into your will. If a husband encrypts all his financial records and then dies, his wife won’t be able to see them. If you’re an author and you last manuscript is encrypted, it won’t get published unless you’ve made provisions for your heirs to unlock it.
And it’s important how you configure BoxCryptor. If you want to just hide your files from Dropbox, just use the defaults. If you want to hide files from people that can access to your computers (either at home, work or at the thieves hideout), then don’t configure the mount drive to automatically remember the passwords.
JWH – 2/3/13
Filed under: Computers, Living in the Cloud Tagged: | digital security, Encryption
I find it funny that your first post after “Am I losing my Memory?” is about setting up an encryption. If your memory is going, I hope passwords aren’t the first thing to go.
I’d never hook my home computer’s dropbox up to my work computer. Seems like a bad idea.
That’s why I’ve written my super-secret password down in a super-secret place. Hope I don’t forget that too.
The plus about hooking Dropbox to a computer out of the house is it gives you an off-site backup.
[...] Choosing your personal passphrase in the most important step. If you lose your password there will be no chance to restore your data because BoxCryptor does not store any password related files. That’s the whole idea behind it. Only you should have access to your files. Make sure you choose a random secure password of at least 8 digits with symbols. Memorize it! And better yet: don’t configure your password to be remembered. [...]
Good article on BoxCryptor. One tip to avoid the pitfall of loosing access to all your file: Backup! No excuses for forgetting your password, but if that XML files damaged or deleted you need a backup of your files somewhere safe (outside of BoxCryptor) in the same way you’d need a backup in the event of a drive failure.
I use Dropbox to safely sync files between home, work and mobile devices. I use BoxCryptor in case any of those mobile devices are lost or stolen. As I consider my home to be safe and secure I simply backup Dropbox to an external drive weekly. That includes my BoxCryptor files in encrypted form and the XML file. So, I believe, if I ever lose the XML file I should be able to recover it from backup.
The XML file is a key, not a file list, so you only need to back it up when you first set up a BoxCryptor drive. So, even if you don’t do a local backup of all your files, at least put a copy of this key on a CDR or a second drive on your main PC if you have one, for safe keeping.
As a “not-ever-going-to-fully-recover-but-did-make-it-out-alive-though-altered-emotionally-for-life” survivor of my encrypting disaster, I can only offer this bit of advice to those about to protect their stuff: make certain your health and life insurance policies are as encompassing as possible. When I lost ALL of my passwords, and EVERYTHING else of importance in my life to an app on my iPod Touch, I wanted to simultaneously shoot myself, slit my throat, and jump of a bridge. The only thing that saved me was it took hours to find the gun, was out of ammunition, the knives were all dull, and I never did find a bridge within a hundred miles of here high enough to jump off. The app was state of the art, as was the encryption methodology, and my password so “super-duper” as to have qualified as a masterpiece. What wasn’t known to me was that if you entered the password three times in a row, and those entries were wrong, the app would devour everything, with no possible way to retrieve the data. Save yourselves people! Oh, and best of luck.
That’s the kind of encryption story that makes me think I’d be better off risking hackers finding my personal stuff. So far I haven’t trusted everything to BoxCryptor. I kept a copy of my stuff on my main computer that’s not encrypted.
Personal encryption pose these problems. Of-course losing even one employee password will be a total disaster in a business. Another problem is that you need to give the password away for Dropbox sharing of encrypted files which is probably the most important place to apply encryption.
Take a look at Sookasa – http://www.sookasa.com. We address enterprise level Dropbox encryption and compliance (mainly for legal and healthcare) we will offer a free version too.
An independent review made for New York State Administrative Law Judges Association by judge Eric Zaidins:
http://www.nysalja.org/2013/03/sookasa-dropbox-a-marriage-made-in-heaven-and-the-cloud/
Thanks for the writeup, James! It’s helpful to weigh the pros and cons of encrypting our digital lives. We can too tightly guard our data and possibly lose access to it if we’re careless. Or we could possibly open ourselves up to identity theft, etc., if our laptop is stolen and our sensitive information is easily accessible. It’s definitely a balance!