passGenerator

Sharing a very quick app I made in Xojo (no source comments, etc. so it’s not super pretty inside… just basic and to the point). I use a lot of TrueCrypt containers to store my proprietary and intellectual property sources in, especially when I save them onto Dropbox (or some other public cloud). The problem with this is the data is ‘out there’ beyond your control. No matter how ‘secure’ Dropbox says they are… do you really want to trust your data on their word?

Because of this, I needed something to make my TrueCrypt passwords extremely secure… but also needed an ability to use a method of implying simple password rules that I don’t need to log or note somewhere else (as that can be found by somebody, and compromise the security as well… ie. writing the long password on a post-it). Attached was my solution. It basically just generates a hash that’s usable by most password rule sets, and would be extremely difficult for brute-force attacks. The hash is generated off of the ‘passKey’ used, along with some other settings.

I threw a ‘type’ reference in there, along with an editfield for my own use. Basically, if it’s for a website login… you could select ‘website login’ from the ‘type’ dropdown and enter the URL into the ‘web address’ editfield. This information is also used to construct the hash, to make it even more secure… and more personalized depending on your needs.

Again, I’ve included the source for free so you can change it about and customize/optimize it yourself. Was quick and easy, and thought I’d share so others may be able to find a use for it too.

zipped source files
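An added example of the idea described in the post above (not the Xojo app's own code, whose algorithm is not shown on this page): a password derived deterministically from a pass key plus the 'type' and 'web address' fields, so nothing has to be written down. The function name, the PBKDF2/SHAKE-256 construction, the iteration count and the symbol set are assumptions chosen for illustration.

```python
import hashlib
import string

# Character classes that common password rule sets require (assumed set).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*-_=+")
ALPHABET = "".join(CLASSES)


def _index(stream, n):
    """Return an unbiased index in range(n) from a byte iterator (rejection sampling)."""
    limit = 256 - (256 % n)
    for b in stream:
        if b < limit:
            return b % n
    raise ValueError("key stream exhausted")


def derive_password(pass_key, kind, address, length=20, iterations=200_000):
    """Deterministically derive a context-specific password; nothing is stored."""
    if not len(CLASSES) <= length <= 64:
        raise ValueError("length must be between 4 and 64")
    # Length-prefix each context field so ("ab", "c") and ("a", "bc") differ.
    fields = [f.strip().lower().encode() for f in (kind, address)]
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # Slow KDF: every guess at the pass key costs `iterations` HMAC calls.
    seed = hashlib.pbkdf2_hmac("sha256", pass_key.encode(), salt, iterations)
    stream = iter(hashlib.shake_256(seed).digest(16 * length))
    # One character from every class, then fill from the full alphabet.
    chars = [c[_index(stream, len(c))] for c in CLASSES]
    chars += [ALPHABET[_index(stream, len(ALPHABET))]
              for _ in range(length - len(chars))]
    # Fisher-Yates shuffle from the same stream, so class positions vary.
    for i in range(length - 1, 0, -1):
        j = _index(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_password("correct horse battery staple",
                          "website login", "example.com"))
```

The output is only as hard to brute-force as the pass key itself, since anyone who knows the scheme can regenerate every derived password from it.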

Thank you Eric and I’ll have a look. I always have a need when trying to create salts. :)

Thanks!

Yeah, Dropbox isn’t actually very secure. The connection to their server is secure, and the files are stored on their server encrypted, but it isn’t end-to-end encryption. Dropbox can decrypt your files.

Finding cloud storage with true end-to-end encryption is nearly impossible, mostly because it is so difficult for the customer to maintain. So yes, encrypting your stuff before you store it in the cloud is a smart idea.

I used encrypted disk images in the SparseBundle format for this purpose. I can save the password in my Keychain so the images mount automatically when I open an alias to desired file. Since it’s a SparseBundle, the synchronization is minimized.

I thought that Wuala was using encryption in a way far more secure than Dropbox or others. From what they say, the encryption is done on your computer before transmission and cannot be decoded by Wuala (hosted by LaCie, their servers are in Europe, not in the US).
I have not used their service yet but I know some medical doctors who use it for security reasons to share files.
See for yourself here.

I’m only guessing here, as I have not used Wuala myself, but if I had to guess I’d say your files are encrypted using a key pair stored on their server. The private key could be encrypted using your account password, so as long as your password is available, the files can be decrypted on other machines. If you change your password, only the private key gets re-encrypted, rather than every one of your files. The fatal flaw in such a design is that a password reset would lock you out of your files forever. If you forget your password, you’re doomed.

True end-to-end encryption is difficult for humans to handle. iMessage does it in a very clever way, but it wouldn’t work for a file sync service. Tresorit claims to have done it, but won’t really divulge what they’re doing, they just claim a patented encryption method. WireOver does it correctly, but isn’t a sync service, it is designed for sending a file to another single person.

Like Kem suggested, assuming you don’t need to worry about Windows and Linux, an encrypted sparsebundle stored on a Dropbox account is the way to go at the moment.
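The password-wrapped key design guessed at a few paragraphs above, as an added example (not Wuala's implementation and not part of the original posts): a random file key is wrapped under a key derived from the account password, so a password change re-wraps one small blob and a forgotten password leaves the key unrecoverable. To stay within the standard library it uses a symmetric file key instead of a key pair, and a PBKDF2-derived one-time pad plus HMAC as a stand-in for a real key-wrap cipher; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor


def _kek(password, salt):
    """Derive 64 bytes from the password: a 32-byte pad and a 32-byte MAC key."""
    k = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return k[:32], k[32:]


def wrap(file_key, password):
    """Wrap a 32-byte file key. A fresh salt means the pad is used only once."""
    salt = secrets.token_bytes(16)
    pad, mac_key = _kek(password, salt)
    body = bytes(a ^ b for a, b in zip(file_key, pad))
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + body + tag  # 16 + 32 + 32 bytes, safe to store server-side


def unwrap(blob, password):
    """Return the file key, or raise ValueError if the password is wrong."""
    salt, body, tag = blob[:16], blob[16:48], blob[48:]
    pad, mac_key = _kek(password, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted blob")
    return bytes(a ^ b for a, b in zip(body, pad))


def change_password(blob, old, new):
    """Re-wrap only the key; files encrypted under it are never touched."""
    return wrap(unwrap(blob, old), new)


if __name__ == "__main__":
    file_key = secrets.token_bytes(32)           # encrypts the user's files
    blob = wrap(file_key, "old password")        # constructed sample passwords
    blob = change_password(blob, "old password", "new password")
    print(unwrap(blob, "new password") == file_key)
```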

Thanks Thom. Things are far more complex than I thought…

Yeah, I use a TrueCrypt container within my Dropbox account. It works extremely well, since it only uploads incremental parts of the encrypted container that actually changed during my last mounted session. Other cloud services I found wouldn’t do that, and any changes (even small) required the entire container to be re-uploaded… which took way too much time and bandwidth. Wish more services would see the importance of this ‘update only what was changed’ option. If BitTorrent Sync did incremental updates, I would use it on my own network with local and remote NAS hardware. According to their specs and website, they don’t ever plan to implement the feature because ‘most people don’t really need it, especially since bandwidth and storage has become very plentiful and accessible’. Sad, but whatever. Anyhow, I agree with Thom. I want to encrypt my data myself on my end, regardless of whatever the service I use claims to do. I’ve seen too many ‘breaches’ of ‘secured systems’ lately, and it’s made me a little paranoid (not to mention the good ol’ NSA and their little flight lately).

I used them for a while, and they repeatedly said that they could not unencrypt your files even if legally compelled to do so. But doesn’t matter, there was a note posted on their website yesterday that as of Nov. 15, 2015 the cloud service is no longer being offered.