2
I am considering moving my default documents folder to Dropbox. These also contain scanned letters and important information relating to contracts, bills, and so on. I will encrypt those with TrueCrypt.
Are there any other security implications I need to take into account? If my Dropbox is compromised, then how secure will the encrypted documents be (providing they don't know the password)? Are they safe? Is there anything I could do to further increase their security?
I heard that TrueCrypt can have both a password and a 'key file'. Both would be required to unlock the store. I could keep this file on my computer, and on a portable key, and not on Dropbox. Is this possible? I imagine it would massively increase the security.
Basically: What should I take into account when encrypting my documents, what settings, should I use a key file, how secure is the encryption should my Dropbox be compromised?
1
I think this is definitely worth considering if you have documents that are personal etc. Dropbox left the system open a little while back so you did not need a password.
– slotishtype – 2011-06-30T10:25:08.823
2
Dropbox is not a secure system - it never was, it never tried to be. You should take exactly the same precautions with Dropbox as you would any other method of moving files. Encrypt well, keep your keys safe, and keep your passwords long. Whether your files are compromised through Dropbox, a stolen USB drive, or a compromised PC makes no difference, so treat it all in the same way. – Phoshi – 2011-06-30T10:29:45.483
@Phoshi - Indeed. As I mentioned, I shall be encrypting the sensitive documents, but I am wondering if this is enough - simply encrypting - or if I should take additional precautions such as using a key file. – Damien – 2011-06-30T13:25:57.090
That sounds reasonably secure to me. You could use hidden volumes for slightly more insane 'security'. The thing is, at the end of the day, if you can get the data out, then it's possible for the data to be decrypted by a person with sufficient skill. Though, I think a nice password and a key file are going to be pretty decent, particularly if you pick a good encryption algorithm. Keep in mind you'll want to download the TrueCrypt volumes before opening them, else you could end up transmitting the decrypted version over the net anyway. – James T Snell – 2011-06-30T16:08:51.930