4

I am considering a solution for securing my private data in Dropbox. OneDrive, MEGA and AmazonCloud are also being considered, but for now I am focusing on Dropbox as the most feature-rich of all.
I came up with a couple of options that are available for my aims:

  1. Set up separate EncFS volume
  2. Use in-place EFS encryption for files and folders
  3. Use BitLocker volumes (not appreciated)

Dear Gurus, can you give me the advantages and disadvantages of all the above solutions from security (primarily!) and convenience perspectives?
I am not keen on installing additional stuff as with EncFS, all the more so since it is paid (the free version of BoxCryptor is very ill-functioned). Moreover, it is commonly known that EncFS also has drawbacks.
Built-in solutions (like EFS and BitLocker) will be highly appreciated, but how do they look in terms of security against EncFS?
Security is a must; however, it'd be highly preferable to leave Dropbox features (file preview, versioning, etc.) enabled. Maybe things look different if I choose another cloud hosting (MEGA, OneDrive)?

Suncatcher
  • I've not used EncFS with DB but check whether it is rsync friendly which indicates that it supports delta sync. The DB client does delta syncs which I use with TrueCrypt/VeraCrypt volumes so you can have a large single file showing on DB but use it as a mounted file system locally. Of course, DB will have max file sizes so this only really works for document type data not media. – Julian Knight Jan 08 '17 at 20:59
  • If your goal is to "securing my private data" then Dropbox doesn't sound like an optimal cloud storage system. You could try using MEGA which uses [client-side crypto](https://mega.nz/#help/client/webclient/security-and-privacy/how-does-the-encryption-work) to encrypt your data before it is sent to their servers. Combined with their [sync client](https://mega.nz/#sync) you have a trouble-free secure cloud drive mapped to a local folder. – emx Jan 09 '17 at 19:32
  • @emx, ok, I think I'll follow your advice. MEGA seems to be the most promising service of all, in spite of some feature limitations. – Suncatcher Jan 10 '17 at 10:11
  • The idea here is not trusting any of them thus using client side encryption like EncFS, BitLocker volumes or EFS. – rovr138 Mar 10 '17 at 15:23
  • @rovr138, what idea is not trusting? Didn't get your idea – Suncatcher Mar 10 '17 at 17:13
  • Sorry, the last comment by emx. Yes, MEGA offers client-side crypto, but the idea of encrypting things on your own is that you don't need to trust where you store the data. – rovr138 Mar 10 '17 at 19:50
  • There are tools like Boxcryptor which work with Dropbox or even across multiple clouds. – eckes Dec 06 '17 at 04:58

1 Answer

1

I had the same problem ~2010-2012 and never made it work.

  • EFS - normal users (and programs, such as the Dropbox client) do not have access to the ciphertext; the OS either decrypts the file automatically or refuses to do anything with it. It seems that the only way to access the ciphertext is by some method intended for backups. (As this cannot work theoretically, I did not try it experimentally.)

  • EncFS - (assuming on Windows), back then it did not work properly at all. Files became corrupted on modification. If it works properly now, it might be the best option.

  • BitLocker - (I actually tried TrueCrypt, but there are the same problems). It was the only thing that somehow worked, but on changes syncing meant transferring the entire file. I know that it was supposed to sync only changes; maybe the smallest syncable unit was the entire file?

yyy
  • Could you please extend your idea with EFS? You mean that versioning with EFS is possible only via 3rd-party tools (and not with DB)? – Suncatcher Jan 09 '17 at 09:00
  • 2
    @Suncatcher EFS is transparent for the user. Whenever you or a program running under your account accesses a file encrypted with EFS, Windows automatically decrypts it, and all you ever see is the plaintext. Your DropBox syncing app will also see the plaintext, and sync that to the online storage, defeating the purpose of encryption altogether. – twisteroid ambassador Jan 09 '17 at 11:30
  • 1
    The ciphertext can be accessed using [ReadEncryptedFileRaw](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365466(v=vs.85).aspx), [e.g.](https://github.com/grawity/vssbackup/blob/master/efs.cs) – user1686 Jun 09 '17 at 06:47
  • Note that EFS is deprecated, and a huge problem to use with pretty much any program for backup, syncing etc. (because the API is abysmal, and no one wants to use it) – deviantfan Jul 08 '17 at 20:38
  • Partial syncs with TrueCrypt or BitLocker work fine. Smallest unit would be a cluster/block of encryption. – eckes Dec 06 '17 at 04:57
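
The block-granularity point raised in the comments (delta sync of a TrueCrypt/VeraCrypt or BitLocker volume file), as an added example that is not part of the original thread: it counts how many fixed-size blocks of ciphertext change after a one-byte edit, for per-sector encryption versus whole-file encryption with a fresh nonce per save. The HMAC-based keystream is a stand-in for a real sector cipher, and `SECTOR`, the key and the sample volume are constructed assumptions.

```python
import hashlib
import hmac
import os

SECTOR = 4096  # assumed sector size, also used as the sync block size here

def keystream(key: bytes, tweak: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode. Stand-in for a real cipher (e.g. XTS-AES);
    # it only models which ciphertext bytes change. Do not use to protect data.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, tweak + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_sectors(key: bytes, plain: bytes) -> bytes:
    # Container style: each sector is encrypted on its own, tweaked by its index.
    out = bytearray()
    for off in range(0, len(plain), SECTOR):
        chunk = plain[off:off + SECTOR]
        tweak = b"sector" + (off // SECTOR).to_bytes(8, "big")
        out += xor(chunk, keystream(key, tweak, len(chunk)))
    return bytes(out)

def encrypt_whole(key: bytes, plain: bytes) -> bytes:
    # Whole-file style: a fresh random nonce per save re-keys the entire stream.
    nonce = os.urandom(16)
    return nonce + xor(plain, keystream(key, b"file" + nonce, len(plain)))

def changed_blocks(old: bytes, new: bytes, block: int = SECTOR) -> list:
    # Indices of fixed-size blocks a delta-sync client would have to re-upload.
    n = max(len(old), len(new))
    return [i // block for i in range(0, n, block) if old[i:i + block] != new[i:i + block]]

def demo():
    key = b"k" * 32                      # constructed demo key
    v1 = os.urandom(64 * SECTOR)         # constructed 256 KiB "volume"
    v2 = bytearray(v1)
    v2[10 * SECTOR + 5] ^= 0xFF          # edit one byte inside sector 10
    v2 = bytes(v2)
    per_sector = changed_blocks(encrypt_sectors(key, v1), encrypt_sectors(key, v2))
    whole = changed_blocks(encrypt_whole(key, v1), encrypt_whole(key, v2))
    return per_sector, len(whole)

if __name__ == "__main__":
    print(demo())
```

Because the per-sector ciphertext changes only where the plaintext changed, stored versions of the container reveal which sectors were modified between saves.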