Search TQA Weekly
Log into your TQA Weekly

Encryption and Dropbox

Software to protect sensitive documents in public places.

Steve Smith, host of your Technology Questions Answered, offers advice on how to secure your data in cloud storage and explains the normal upload process of cloud storage software.

Episode #1-41 released on July 10, 2011

Welcome to another episode of your Technology Questions Answered, this week, an analysis of cloud storage and its security issues with your data. I'll explain some of the process your files undergo during transfer, explain a bit more about Dropbox, iDrive, Carbonite, SkyDrive, etc... and explain a few tips and tricks to secure your data online, even if it becomes loose in the wild.

First, let's talk about the convenience of cloud storage solutions. Services like Dropbox allow for multiple backup locations and data synchronization in very nearly real-time. This means that if your computer were to just die, your data will be absolutely safe. That's the safe part. Now, keep in mind that this convenience factor is also very dangerous if not handled well. All your data you save unencrypted is vulnerable to compromise. If something like faulty login scripts, brute force login attacks, bad employees gain access to your account any sensitive data that is unencrypted is vulnerable. Now, some of you may say these services are encrypted by SSL, and data is encrypted, but if its the service that holds the encryption key, its like its not encrypted, at all. Bad and uneducated employees may give the keys by accident or sell them for profit. This happens, a lot more than publicized. Not all attacks are detectable, groups like Anonymous, and the former Lulzsec are Black Hat hackers, but show publicly the flaws of publicly accessible servers. Now, bare in mind, these public groups are no where more dangerous than the unknown black hat hacker organized groups. If they suddenly became organized, they may pose a real threat, but think of them as reminders we should listen to.

When you use one of these services, the software you use contains a secure socket layer, or SSL connection. This encrypts your files during transfer from your computer, to the server. Depending on how the files are stored, they are either encrypted on the server, or stored as is. Nowadays, files are encrypted on the server.

Now, let's talk about who is responsible for your data in these accounts. Your going to say the companies that store them, but let me remind you who put them there in the first place, you. Only when you place files in these services, are they in any danger by hackers, governments, police, employees, etc... So, how about we analyze the situation. If we place music, movies, software, photos, etc... these may be safe enough without protection, provided the contents themselves are not sensitive. Now, documents, budgets, projects, etc... may be sensitive enough to require significant protection. But, what kind of protection do they need? Let's talk about encryption and a few solutions that are now possible.

Encryption software like SecretSync allow for a particular folder within Dropbox to be encrypted, and you pick the pass phrase that encrypts the folder. So, this is particularly strong idea for protecting the files, while keeping the directory easy to use.

If you need stronger encryption, there is another way, single file encryption. You could encrypt all your files with different pass phrases making it harder for anyone to crack, and it would take a lot longer to decrypt. Then, you can also use encrypted file containers to hide multiple sensitive files within other files.

The best program for all this is TrueCrypt, and as a personal suggestion, even if you use SecretSync, encrypt your files first with TrueCrypt. This will make it harder to decrypt.

Now, there is the ultimate problem of what to do if your files ever become loose in the wild. How do we deal with this. One, access the contents of the file. Are they compromising in nature? If not, don't panic, relax your fine. If they are compromising then, how did you protect the files. Are they encrypted, are they hidden within layer after layer of encrypted file containers. The more levels of encryption between the wild and the data, the less likely the file will be decoded. And if you use significantly long pass phrases with as many character types like small and large caps, numbers and even symbols, then you render it harder and more improbable with longer lengths. A 120 character long pass phrase protecting an encrypted file container, containing encrypted files is a lot harder to crack, than an encrypted file with a short password. Pick your battles, choose your own protection scheme, but make sure that you use significant levels of encryption to protect extremely sensitive files.

If you want another even more crazy way of safe guarding your files, a little more like the first Mission Impossible movie. Encrypt the really sensitive files, zip them, but make them into multiple pieces, then encrypt those, and back them up on separate cloud storage solutions. This will require that both accounts be compromised which makes the possibility even more remote, and further more, don't use the same user account name for both accounts.

The links to SecretSync, Dropbox, iDrive, Carbonite, SkyDrive and TrueCrypt are within today's show notes available on our web-site at www.zedaxis.net.

Next week, I'll be doing a short demonstration and explanation of a program I've been playing with for the last few weeks, it's name, Ghostery. A program designed to detect and warn which trackers are currently running on web-sites your visiting.

And until next week, if you have any questions, comments, stories or suggestions, please e-mail them to tqa@zedaxis.net, for more information on this episode, and others, for the listener survey or exclusive gear and apparel, please visit www.zedaxis.net. Don't forget to subscribe, click that like button, have a great day, and stay safe and online. This has been your Technology Questions Answered.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions

Sources & Resources