Dropbox Encryption

With the recent security issues with Dropbox (http://blog.dropbox.com/?p=821, http://blog.dropbox.com/?p=735, http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/, http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html), you may be considering adopting an additional encryption strategy.

TrueCrypt (http://www.truecrypt.org/), a cross-platform encryption solution, has been recommended by a few sites. It works by creating an encrypted disk file, which you can store in Dropbox. The one issue with this strategy is that it is very hard to sync differences in the file. This means a few file changes could result in the re-syncing of your entire encrypted disk file, which really diminishes the value of Dropbox.

The solution I ultimately went with is BoxCryptor (http://www.boxcryptor.com/) for Windows & EncFS (http://www.arg0.net/encfs) for OSX. BoxCryptor is compatible with EncFS, so data you use on one OS should be viewable on the others. The big advantage of BoxCryptor/EncFS over TrueCrypt is that it uses a pass-through filesystem. Instead of creating one big file that stores all of your data, it encrypts each individual file (including its filename) separately. This is a big win when using syncing software such as Dropbox.

BoxCryptor is pretty straightforward to install and run on Windows so I won’t go into the installation details.

Installing EncFS on OSX requires a bit more work. Here are some basic instructions. Note: if you are going to share between Windows & OSX, I recommend first creating your Secure directory with BoxCryptor; it’ll keep you from having to pass in special flags to encfs.

  1. Install the Mac Developer Tools (aka XCode)
    • If you have your Snow Leopard disk handy you can install the developer tools from there. I believe it is under the Extras directory.
    • If you are running the latest version of Snow Leopard and have the App Store installed, you can download and install XCode 4 from there, which will give you access to all of the needed tools.
  2. Download and install MacPorts http://www.macports.org/
  3. To make sure MacPorts is up to date, run: sudo port -v selfupdate
  4. Then run sudo port install encfs
    • This should automatically resolve any dependencies
    • Note: this takes a long time to run; I recommend grabbing a cup of coffee after kicking it off
  5. Reboot your system
  6. Assuming your encrypted file system is in ~/Dropbox/Secure, run the following:
    1. (optional) If you haven’t created your encfs yet run: mkdir ~/Dropbox/Secure
    2. mkdir ~/DropboxSecure
    3. encfs ~/Dropbox/Secure ~/DropboxSecure
      • It’ll ask you for the password
    4. You should now be able to see your files in the ~/DropboxSecure directory
  7. To unmount the encrypted drive run: umount ~/DropboxSecure
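
A pre-mount check for the directory layout used in step 6, as an added example that is not part of the original post: it refuses to run encfs unless the encrypted directory is inside Dropbox and the decrypted mount point is outside it and empty, so the plaintext view is never synced. The function names and exit codes are assumptions of this example; only the encfs invocation and the directory names come from the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): pre-mount layout check.
# Function names and exit codes are assumptions of this example.

# Print the physical absolute path of directory $1 (symlinks resolved).
resolve_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# Return 0 if directory $1 is directory $2 or lies underneath it.
is_inside() {
    child=$(resolve_dir "$1") || return 1
    parent=$(resolve_dir "$2") || return 1
    case "$child/" in
        "$parent"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_layout DROPBOX_ROOT ENCRYPTED_DIR MOUNT_DIR
# Returns 0 if safe, 1 missing directory, 2 encrypted dir not in Dropbox,
# 3 mount point inside Dropbox (plaintext would sync), 4 mount point not empty.
check_layout() {
    root=$1; enc=$2; mnt=$3
    for d in "$root" "$enc" "$mnt"; do
        [ -d "$d" ] || { echo "missing directory: $d" >&2; return 1; }
    done
    is_inside "$enc" "$root" ||
        { echo "encrypted dir is outside Dropbox: $enc" >&2; return 2; }
    if is_inside "$mnt" "$root"; then
        echo "mount point is inside Dropbox: $mnt" >&2; return 3
    fi
    [ -z "$(ls -A "$mnt")" ] ||
        { echo "mount point is not empty: $mnt" >&2; return 4; }
    return 0
}

# Run the check, then mount with absolute paths; encfs prompts for the password.
mount_secure() {
    check_layout "$1" "$2" "$3" || return $?
    command -v encfs >/dev/null 2>&1 ||
        { echo "encfs not found in PATH" >&2; return 5; }
    encfs "$(resolve_dir "$2")" "$(resolve_dir "$3")"
}

# Example: sh mount_secure.sh ~/Dropbox ~/Dropbox/Secure ~/DropboxSecure
if [ "$#" -eq 3 ]; then
    mount_secure "$@"
fi
```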

The overhead for the encryption is minimal. I was seeing about a 20ms increase in running the ls command on an identical directory. Now your files are secure even if your Dropbox account is compromised.