
Dropbox Encryption with TrueCrypt - foxhop
http://russell.ballestrini.net/dropbox-encryption-with-truecrypt/
======
albertzeyer
TrueCrypt doesn't really work because you can't mount it from several places
at the same time.

I looked for other solutions which allow this (for example by doing the
encryption separately for each file; but I could also think about other
things).

I only found <http://www.arg0.net/encfs> so far but I haven't tried it yet. It
does the encryption separately for each file.

~~~
pbh
encfs didn't work for me either. See this comment from a year and a half ago:

<http://news.ycombinator.com/item?id=895660>

Dropbox supposedly encrypts server side. If you want to encrypt client-side,
use SpiderOak or TarSnap. These hacks on top of Dropbox don't mesh with the
semantics of Dropbox properly and will cause problems days, weeks, or months
down the line unless managed extremely carefully.

~~~
albertzeyer
Yes, I already thought about that case. But I don't think it should be
complicated to extend EncFS to handle that well (to just provide both versions
to the end user in that case).

------
knight99
I am wondering how/if TrueCrypt would properly handle being synced if mounted
on multiple machines at the same time. One of the biggest benefits of Dropbox
to me is access to the files instantly on all my computers. If I have to
unmount and mount the TrueCrypt volume to change files, that benefit goes
away. What happens if I forget to unmount the volume at home, can I safely
change the files while away?

~~~
danieldk
I tried this, and got multiple versions of the truecrypt volume file, filling
up my Dropbox account. Pretty nasty, since I had to merge the changes of each
variation back in one volume by hand.

This article resembles the recent posts about using git on Dropbox - I wonder
if people actually tried this for a longer period, because it just doesn't
work, unless you mount the volume on only one machine simultaneously and always
sync after unmounting (easy to forget after mobile use).

~~~
jerrya
Yes, I took the plunge one day and put a truecrypt volume on dropbox and then
put my quicken files in that truecrypt volume, and, ....

Major lossage ensued when I found dropbox gave me multiple versions of that
truecrypt volume.

------
Locke1689
Instead of attempting a nasty (and possibly insecure) workaround like this,
you should use <http://www.tarsnap.com/>

~~~
aceofspades19
If you could use tarsnap in Canada, I would totally use it

------
iam
I don't profess to know much about security, but unless TrueCrypt does
block-level encryption, AND dropbox does block-level syncing, wouldn't this
scheme work out really poorly for storing large TrueCrypt volumes?

~~~
foxhop
That is a great question. If you find the answer let me know.

At this point I have been playing around with 700mb file volumes. When I make
an addition to the volume, it takes about 2 minutes to sync. I have not tested
deletions yet.

~~~
hedgehog
I used to use TrueCrypt + Dropbox to store some important files. Dropbox
will detect and sync only the changed portions of your TrueCrypt volume. It
takes a while (I think it does some sort of rolling checksum thing to detect
differences so it has to read through the entire thing locally) but works ok.
It would only sync when the volume was unmounted though.
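
The question iam raises and hedgehog answers above comes down to whether a small plaintext edit stays local in the ciphertext, so that a sync client comparing block hashes re-uploads only a few blocks. The sketch below is an added example, not part of the thread and not TrueCrypt's or Dropbox's code: the HMAC keystream is a toy stand-in for a real cipher, and the 512-byte sector, the 4096-byte sync block and the fixed-block hashing are assumptions.

```python
import hashlib
import hmac

SECTOR = 512   # encryption unit of the toy container (assumed)
BLOCK = 4096   # block size the toy sync client hashes (assumed)

def keystream(key, label, n):
    """Toy keystream from HMAC-SHA256 in counter mode; not for real use."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_sectors(key, plain):
    """Container style: every sector is encrypted on its own, keyed by its index."""
    out = []
    for off in range(0, len(plain), SECTOR):
        chunk = plain[off:off + SECTOR]
        label = b"sector" + (off // SECTOR).to_bytes(8, "big")
        out.append(xor(chunk, keystream(key, label, len(chunk))))
    return b"".join(out)

def encrypt_whole(key, plain, nonce):
    """Archive style: one stream over the whole file, fresh nonce on every save."""
    return xor(plain, keystream(key, b"file" + nonce, len(plain)))

def changed_blocks(old, new):
    """Indexes of fixed-size blocks a hash-comparing sync client would re-upload."""
    def hashes(data):
        return [hashlib.sha256(data[i:i + BLOCK]).digest() for i in range(0, len(data), BLOCK)]
    a, b = hashes(old), hashes(new)
    return [i for i in range(max(len(a), len(b)))
            if i >= len(a) or i >= len(b) or a[i] != b[i]]

def demo():
    key = b"constructed demo key"
    before = bytes(range(256)) * 256                      # constructed 64 KiB "volume"
    after = before[:10000] + b"X" * 100 + before[10100:]  # 100-byte in-place edit
    sector = changed_blocks(encrypt_sectors(key, before), encrypt_sectors(key, after))
    whole = changed_blocks(encrypt_whole(key, before, b"\x00" * 16),
                           encrypt_whole(key, after, b"\x01" * 16))
    return sector, whole

if __name__ == "__main__":
    print(demo())
```

With per-sector encryption the 100-byte edit dirties one sync block out of 16; with whole-file re-encryption under a fresh nonce every block changes and the full file is uploaded again.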

------
vibhavs
I store sensitive data in Dropbox using an OS X encrypted disk image in my
Dropbox directory. It's not an elegant solution, but it gets the job done. I
mount the password-protected disk image when needed, access the data, and
unmount when finished. Upon unmounting, Dropbox syncs the encrypted blocks to
S3, other computers, etc.

(Encrypted disk-images can be fairly handy. I picked up the trick from a
friend and colleague who used them to protect email and other sensitive
documents on his laptop. E.g. he sym-linked Mail.app's mail directory,
~/Library/Mail, to the disk image.)

~~~
sunchild
Doesn't this prevent backup/syncing while the image is open?

~~~
daydream
Sure, but in practice for a single-user dropbox account it's not a big deal,
IF you unmount the volume when you're done with it.

I do the same thing that the GP does - mount the disk image, work with the
files, then unmount. It's been working great for me for a while, though as the
GP says it's not very elegant.

------
Derbasti
Also, this clearly breaks web access and mobile device access to your files.

That said, I have been using this scheme for my most valuable data sets for
about a year without problems.

------
chanux
My take on encrypting stuff on Dropbox..

[http://chanux.wordpress.com/2010/10/10/portable-encrypted-vi...](http://chanux.wordpress.com/2010/10/10/portable-encrypted-virtual-disk)

(It's not just aiming at Dropbox but the only place I actually use it on is
Dropbox.)

