We have a popular post here at groovyPost that compares Dropbox and SugarSync. The lengthy review has given rise to quite a bit of discussion in the comments, including a bit of controversy over security. Dropbox and SugarSync, which both utilize Amazon’s S3 web storage, claim that your data is safe from hackers due to the SSL encryption during sync and 128-AES encryption at rest. But what about Dropbox / SugarSync staff? Could a rogue employee simply access your files by changing or overriding your password? After some back and forth in the comments, I think we came to the reasonable conclusion that yes, they could.
While the likelihood of this actually happening to you is probably very low, recent headlines about hack attacks against Sony, Gmail and even LastPass prove that you can never be too safe. With that in mind, I thought I’d share with you a tip for making your Dropbox data more secure. In particular, it prevents an unscrupulous employee at Dropbox from accessing your most sensitive data by encrypting it.
TrueCrypt + Dropbox = Super Security
This <— is a a link to a volume that contains the following text document (without the blur):
I am 100% comfortable putting this text document in my public folder. Why? Because it’s in an encrypted volume that I created with TrueCrypt. Go ahead and download it, if you’d like—you won’t be able to get to that text document without my password and keyfiles. You can try cracking it, if you’d like, but it’s encrypted with AES and a RIPEMD-160 hash. Meanwhile, I can still access that file just as easily as I can my other Dropbox files. Groovy, huh? Here’s how I did it:
Stage 1 – Create the Truecrypt Volume
Stage 2 – Mount the Truecrypt Volume
Creating a TrueCrypt Volume
Download and install TrueCrypt for free. The instructions here are pretty straightforward.
Note: There are two ways to install TrueCrypt. For Dropbox users, I would recommend the Extract method. This creates a portable version of the app that you can put on a USB drive or even in your Dropbox folder. This saves you from downloading and installing TrueCrypt if you are using someone else’s computer. For your main computer, feel free to do the default install.
Run TrueCrypt.exe and Click Create Volume.
Select Create an encrypted file container. There are some more advanced options here, but we’ll cover those later. Click Next.
Select Standard TrueCrypt volume and Click Next.
Click Select File…
…and then browse to your Dropbox folder. Create a filename for your volume. It can be anything you want—the extension doesn’t matter.
It doesn’t even need an extension, in fact. Originally, I thought it would be clever to disguise it as another file type, such as “mysummervacay.jpg” but it turns out that this can cause false positives from your virus scanner. To stick with convention, go with .tc or skip the extension altogether.
Feel free to change the encryption options. There are some useful links here to help you understand your different choices, but I imagine they are all sufficiently secure. I stuck with the defaults.
Choose a volume size. You’ll want to choose this realistically based on how much Dropbox space you want to devote to your encrypted volume. If you’re like me and only use your encrypted volume for a couple of text files and perhaps a PDF, 10 MB is more than enough. If you want to encrypt your whole dang Dropbox folder, feel free to do 2 GB.
The one thing that you should note before moving on is that you can create a dynamic volume. That is, it “expands” as you add files to it, so that if it’s a 2 GB file container but it only has 5 MB of data in it, it’ll only take up 5 MB of Dropbox space. That’s nice, but it’ll run a bit slower. It’s up to you.
Set up a password. Choose a very strong password that you can remember. Otherwise, all this encryption will be for nothing.
For more security, choose a keyfile. This can be any file on your Dropbox, on your local hard drive or on a USB drive. It’ll work just like a key would—without this file, you can’t access the volume. So, make sure you don’t delete it! This is more secure than a password—especially if you choose multiple keyfiles.
In the next screen, TrueCrypt will ask you to wiggle your mouse around to randomize the hash key. It’s kind of fun. When you’re satisfied, Click Format.
And you’re done!
Your volume is a completely standalone file. You can drag it and drop it, copy it and paste it or move it to anywhere you’d like. To read and write to the volume, you just have to mount it using TrueCrypt.
Mounting TrueCrypt Volumes from your Dropbox
Launch TrueCrypt and Click Select File…
Then, Browse to the volume you just created and open it.
Select a drive letter and then Click Mount.
Enter your password and, if you chose a keyfile, browse for it by checking Use keyfiles and Clicking Keyfiles.
Your volume will now be mounted as a local volume under Computer in Windows Explorer.
Add files to it just like you’d save files to a USB drive.
They’ll be saved in the encrypted volume, where they’ll be ready and waiting for you next time you mount the volume.
One last thing: in order for Dropbox to sync your volume, you have to unmount it. To do so, launch TrueCrypt, select the drive and Click Dismount.
Dropbox is already fairly secure. But for that extra bit of protection, it’s not a bad idea to keep your most sensitive documents in an encrypted volume. You’ll still be able to access your file, as long as you have a copy of TrueCrypt handy (which can be saved as portable version on your Dropbox account) and can remember your password. You won’t be able to access items in an encrypted volume from the web or a smartphone, either. I recommend using TrueCrypt for infrequently accessed files, such as financial documents, old tax returns and other sensitive material that you might have if you’ve transitioned to a digital filing system.