
For the record, I understand that absolutely no service is safe, and "the only way to keep a computer from getting hacked is to never connect it to the network". So, we've got that out of the way.

I wanted to understand this: Dropbox has started encrypting its data at rest with 256-bit AES encryption. So, my simple question is, do we still need to encrypt our Dropbox contents with TrueCrypt?

Are there any real advantages in terms of security/encryption in using Dropbox?

Abhishek Sha
  • Welcome to Information Security SE. Is this question about [Box](https://www.box.com) or [Dropbox](https://www.dropbox.com)? I assumed the latter and edited, feel free to rollback. Can you source the "**2048-bit** AES"? – Jedi Dec 01 '16 at 04:39
  • For the record, 2048-bit AES doesn't exist. AES is a common symmetric encryption standard with three variants that all use a block size of 128 bits with a key that is either 128, 192, or 256 bits (that is, the key is a random number that is 128, 192, or 256 bits long). However, RSA, a common asymmetric encryption standard, commonly uses 2048-bit keys, where the part of the key whose length is given as 2048 bits isn't a random number but is the product of two 1024-bit numbers. – dr jimbob Dec 01 '16 at 05:28
  • Who's your adversary here? If a government/police subpoena your data, Dropbox will unencrypt it for them, but if you encrypted it with your own keys beforehand then they're out of luck. – Robert Fraser Dec 01 '16 at 07:48
  • AFAIK TrueCrypt is insecure now – pguetschow Dec 01 '16 at 08:26
  • Huh? Am I missing something here? TrueCrypt encrypts the HD; as soon as data is lifted from it, it is unencrypted. You cannot *encrypt our Dropbox contents with TrueCrypt*. Unless you mean to say *a local copy/mirror of your Dropbox contents*? Then [edit] your question. –  Dec 01 '16 at 12:22
  • @JanDoggen, you can use TrueCrypt to create local, encrypted virtual drives/containers. – Holloway Dec 01 '16 at 13:19
  • That strikes me as an inefficient way to use Dropbox - if you put a single giant file in there that's the TrueCrypt/Bitlocker container, how well does it sync? – pjc50 Dec 01 '16 at 13:31
  • @pjc50: Pretty sure that Dropbox transmits block-level deltas, that is, changes to a TrueCrypt container file require the same amount of I/O over the network as they do to the local disk. – Ben Voigt Dec 01 '16 at 15:50
  • Dropbox uses AES-256 bit encryption. Source: https://www.dropbox.com/security – Ogre Psalm33 Dec 01 '16 at 20:34
  • @RobertFraser I very much doubt that the authorities are "out of luck" just because Joe Sixpack encrypted a file. They can probably rootkit his desktop, or know his favorite passphrases already. – DepressedDaniel Dec 02 '16 at 00:05
  • @TechTreeDev: TrueCrypt isn't necessarily "insecure" quite yet, but it's been dropped from active development (if you're into conspiracy theories, it's an interesting story) and isn't being updated anymore. However, there's a fork of it (VeraCrypt) which is being developed and publicly audited, as well as several other alternatives besides. – flith Dec 02 '16 at 07:26
  • @pjc50: who says you need to encrypt a whole hard drive and try to sync that? You can create multiple, smaller encrypted containers for different purposes or content types (possibly stored within an encrypted hard drive to prevent local intrusion), and just manage those containers individually with Dropbox. – flith Dec 02 '16 at 07:28
  • I would certainly stop using TrueCrypt as it's defunct and no longer in development. VeraCrypt seems to be the way to go these days. – Caimen Dec 02 '16 at 21:12
  • @pjc50: it doesn't sync at all while TrueCrypt (or rather, VeraCrypt) has the file mounted, then it syncs in blocks once you unmount it. Since the encrypted bytes in a VC container file map 1-1 with the virtual block device that VC puts its filesystem over, this means DB more-or-less only has to sync what you actually change. Of course if what you change is a 1MB text file then DB in the clear would have been able to compress that, whereas it can't compress the 1MB portion(s) of the VC container that have changed. – Steve Jessop Dec 03 '16 at 16:21
  • @pjc50: so in practice, keeping a VC container in DB works reasonably well for some users and extremely badly for others. If it's a small-ish volume and you unmount it reasonably often to give it a chance to sync then it's fine, albeit both laggier and somewhat less efficient than keeping the files in DB unencrypted. IIRC you might also have to disable VC's default behaviour of not updating the file modification time (or otherwise "touch" the file), or else DB will ignore the changes. But if what you want is to conceal your data from Dropbox Inc, then it's what you do. – Steve Jessop Dec 03 '16 at 16:21
  • Of course in reality I run Dropbox's executable on my machine without doing any kind of audit of it, so if I'm worried about them being evil then (a) VC won't help me and (b) they can do a lot worse to me than just look at the data I choose to put in DB. It's more a safeguard against them messing up their own security and leaking everything, than against them targeting you. – Steve Jessop Dec 03 '16 at 16:28
  • So the question in respect of this announcement is whether it makes you think to yourself "oh good, 2048 bits, that convinces me that Dropbox won't leak my data". If the reason you're using VC is because you have a compliance requirement that you mustn't put your data in the clear into cloud services that don't advertise encryption-at-rest, quite possibly yes. If you're encrypting for some other reason then probably no. – Steve Jessop Dec 03 '16 at 16:38

3 Answers

It does not matter much how the data are encrypted as long as the owner of the data is not the only one in control of the encryption key. This in effect means that data encryption and decryption should only be done at the client and only in a safe environment where only trusted software is running. This is not the case with Dropbox: Dropbox has access to the plain data both from the Dropbox client running on your system and on the server side before encrypting for rest. Also Dropbox can decrypt the data whenever they want because they have access to the encryption key. And they will do it for sure and without you noticing when law enforcement requires it.

Whether you consider this safe enough for your own use is your own decision.

Lightness Races in Orbit
Steffen Ullrich
  • This is why they can perform data deduplication. – mythofechelon Dec 01 '16 at 19:28
  • @mythofechelon reversible (by them) encryption is also the maximum that can be supported for features that let you use Dropbox as an easy way to share files with people. Having to download and decrypt offline will make it significantly harder to use for less technically inclined people. – Dan Is Fiddling By Firelight Dec 02 '16 at 00:26
  • "in control of the encryption key" ... **or** decryption key of course, in case of RSA based hybrid encryption. – Maarten Bodewes Dec 02 '16 at 16:23
  • Well, doing extra encryption (outside the client's control) certainly can't *hurt*. But I agree that we shouldn't rely on it. There's also the possibility that Dropbox's keys fall into hands we didn't plan for (in my mind, the police aren't the most likely to access the data, even if you were hiding something illegal: there are plenty of hackers who'd want to do that.) – jpaugh Dec 03 '16 at 17:14

As was stated in the comments, if you have encrypted the data yourself, with your own keys, and then it is copied to Dropbox without those keys being available to them, they would not be able to decrypt the data. If you rely solely on their own algorithms/software/keys, they would have access to them, and could therefore decrypt the data if it were subpoenaed by law enforcement.

vapcguy
  • `could therefore decrypt the data if it were subpoenaed by law enforcement` - A bad actor on the inside could do the same. – Carey Gregory Dec 03 '16 at 00:10
  • @CareyGregory Very true. – vapcguy Dec 03 '16 at 00:29
  • And then (as always) there's the details. OK, so you encrypt the data at rest, and this is the usual thing people say for marketing purposes. But how do you safeguard the key(s) you used to encrypt it? The answer to that decides whether the encryption-at-rest ensures data security in the event of someone physically stealing their storage array, vs. ensuring absolutely nothing beyond buzzword-compliance. – Steve Jessop Dec 03 '16 at 16:33
  • It's been my experience that the keys for sensitive data are generated on removable hard drives that are then locked in a safe. If they are ever brought out & re-connected to the computer for any reason, that computer is not connected to a network during the process. If a bad actor has access to the safe, then either your trust/vetting mechanisms for your employees have broken down, or you don't have the physical security safeguards in place to be doing this kind of sensitive stuff in the first place. But short of having a fortress, roving security guards, etc., you can't keep everyone out. – vapcguy Dec 05 '16 at 15:09
  • The best you can do is to have the 2 mediums (keys, encrypted data) in different locations & hope the thieves don't know where both are & keep that information to the fewest possible people on a need-to-know basis. Then have an army of well-trained security guards at both locations w/biometric security to enter the room, invisible laser intrusion system (and hope your thief isn't a gymnast), etc. But I don't believe any such system is foolproof. Best you can hope for is to have cameras feeding multiple places (so thieves can't steal all your video) and hope they aren't wearing masks. – vapcguy Dec 05 '16 at 15:14
  • Chances are, and I guess I was making a large assumption, but if you are uploading your data to Dropbox on the internet - even if it's encrypted, it probably isn't sensitive enough to merit all this. Yes, you want physical security between your encrypted data and your keys - so you copy them off and store them on a medium that won't be uploaded to Dropbox, and delete them from the medium that will be, if say, uploading your whole hard drive and not just a folder. – vapcguy Dec 05 '16 at 15:18

Dropbox does not offer zero knowledge encryption, and is able to decrypt and turn your data over to law enforcement if they are asked to do so. As someone who has used Dropbox for many years I always did so with an understanding that they would do so, and stored only appropriate data there.

For an individual or organization that wants to store data in the cloud but also wants or needs for it to be as close to completely secure as possible, the encryption tool that I prefer to use is Cryptomator, because it encrypts your data before ever sending it to Dropbox. Your files can be accessed on your local machine, but all Dropbox ever sees is the files after they have been encrypted.

I use this method to securely sync encrypted password databases across several different machines and am confident that even if my Dropbox account is compromised, my password databases will be secure. I wrote instructions for how to set up Cryptomator and published them here: https://www.alaskacomputerguy.com/category/howto/how-to-encrypt-dropbox-folder

  • +1 for Cryptomator. It's open source, uses strong encryption (well, except for file timestamps and sizes, if that's a concern to you), multi-platform, and has a friendly UI. – Simon East Nov 23 '21 at 03:26