
Encrypting Your Dropbox Seamlessly and Automatically  - r11t
http://pragmattica.wordpress.com/2009/05/10/encrypting-your-dropbox-seamlessly-and-automatically/
======
hyperbovine
The key to dropbox's awesomeness is delta compression, which this is totally
going to destroy. Aside from placing a greater load on their servers in terms
of storage and bandwidth, it will degrade your experience. Caveat emptor.

~~~
cperciva
_The key to dropbox's awesomeness is delta compression, which this is totally
going to destroy_

Not necessarily. It looks like encfs is vulnerable to a cleaning lady attack,
in which case dropbox (acting as cleaning lady) will be able to recognize and
take advantage of unmodified blocks.

That said, this approach won't be able to recognize blocks which are
duplicated (rather than merely unmodified) either within a file or between two
different files (actually, I'm not sure if dropbox can recognize data
duplicated between different files, even without encryption; but tarsnap can),
and sensible people generally want their encrypted filesystems to be secure -- so
this really isn't a very good solution.
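
An added example, not part of the thread or of encfs's code: a toy per-block scheme showing the trade-off described in the comment above, where the storage side can see which blocks are unmodified between versions but cannot match duplicated blocks. The HMAC-SHA256 keystream, the 1024-byte block size, the key and the sample file are all assumptions made for the demonstration.

```python
import hashlib
import hmac

BLOCK = 1024  # constructed block size for this demo, not a real encfs setting


def _keystream(key: bytes, index: int, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, keyed by block index only.
    # Rewriting a block reuses its keystream, so this shows the leakage
    # pattern and is not a usable encryption scheme.
    out, ctr = b"", 0
    while len(out) < n:
        msg = index.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt_blocks(key: bytes, data: bytes) -> list:
    """Encrypt each fixed-size block independently of its neighbours."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return [bytes(p ^ k for p, k in zip(blk, _keystream(key, i, len(blk))))
            for i, blk in enumerate(blocks)]


def changed_blocks(old: list, new: list) -> list:
    """Storage-side view: indices whose ciphertext differs between versions."""
    longest = max(len(old), len(new))
    return [i for i in range(longest)
            if i >= len(old) or i >= len(new) or old[i] != new[i]]


def duplicate_blocks(blocks: list) -> int:
    """Number of blocks a deduplicating store could collapse."""
    return len(blocks) - len(set(blocks))


def demo():
    key = b"constructed-demo-key"            # constructed, not a real key
    v1 = b"A" * (BLOCK * 8)                  # constructed file: 8 identical blocks
    v2 = bytearray(v1)
    v2[3 * BLOCK + 10] ^= 0xFF               # edit a single byte inside block 3
    c1, c2 = encrypt_blocks(key, v1), encrypt_blocks(key, bytes(v2))
    plain = [v1[i:i + BLOCK] for i in range(0, len(v1), BLOCK)]
    return changed_blocks(c1, c2), duplicate_blocks(plain), duplicate_blocks(c1)


if __name__ == "__main__":
    print(demo())
```

The three values returned by `demo()` are the ciphertext blocks that changed after the edit, the duplicates visible in the plaintext, and the duplicates visible in the ciphertext.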

------
carterschonwald
The use case discussed in the article seems to be exactly the one for tarsnap
(<http://www.tarsnap.com/>), that is, encrypted remote backups. The only upside
is that this awkward setup is free (or ~ 1 dollar a month cheaper), though at
the cost of being much more ad hoc.

------
yuan
Honest question: if you trust dropbox.com enough to let them run a daemon on
your box, does this really buy you anything?

~~~
sreitshamer
Depends on what the daemon is doing. JungleDisk and Arq backup products for
instance are daemons on my box, but LittleSnitch tells me they're only writing
to S3 which is a public API, and I can verify what's in my S3 account. Not so
much with Dropbox -- can't tell what's going through that SSL connection.

------
ax0n
I'm not affiliated with them, but if you want zero-knowledge, encrypted
dropbox-esque storage (and a few other benefits) you might try spideroak
instead.

------
Femur
I have a TrueCrypt volume that I keep on my dropbox and it has worked fine for
me for over a year. It was very easy to set up in Ubuntu.

~~~
iuybuyvvyu
But every time you write to it every byte in the volume will change and dropbox
will have to resync the whole file.

~~~
mbrubeck
Is that true? If I use TrueCrypt to encrypt my entire 200GB hard drive, does
it have to update every block on the disk when I write to a single file?

~~~
iuybuyvvyu
Ideally it should, otherwise you are vulnerable to a range of differential
attacks. In practice it's a compromise between performance and security.

It might very well touch a large number of blocks to stop an attacker working
out where on a disk a particular file is. There are a bunch of rsync-friendly
crypto implementations that minimize this effect.

~~~
Devilboy
How exactly would an attacker have enough access to your encrypted data to do
a diff attack? If he has physical access to the machine you're going to be
compromised regardless of the details of the encryption scheme.

