Dropbox Encryption with TrueCrypt

Derek Newton recently prompted discussion about insecurities in Dropbox authentication. In his article he describes how an attacker could exploit Dropbox and gain access to unshared files. The concerns he raised do appear accurate; however, we must remember that security is an onion.

An onion, like security, has layers to protect its vital parts. Those vital parts are most exposed when the security model possesses only one layer. As we add layers, each one becomes another independent obstacle an attacker must defeat before reaching the data, so a failure in one layer no longer means a failure of the whole.

In the case of Dropbox, the username and password act as the first layer. A single authentication layer is generally considered adequate for non-sensitive data. When protecting sensitive data, however, we must pair authentication with encryption, so that a bypass of the first layer does not hand over the data itself.

File systems have generally been designed for availability rather than secrecy, which is part of what makes them useful. Not encrypting files on Dropbox is akin to not encrypting files on a shared PC. Sensitive data should always be encrypted regardless of its location or medium. We should treat sensitive data at rest on Dropbox the same way we treat sensitive data on a local, optical or flash disk: we should encrypt it!

So how does a user encrypt their Dropbox?

My strongly opinionated solution uses TrueCrypt to create an encrypted volume inside the Dropbox directory. Treat Dropbox like a normal directory, follow the TrueCrypt documentation to build a volume file there, and give Dropbox a chance to sync it. When the sync completes, the TrueCrypt volume will be mountable on each of your Dropbox-enabled computers. Mount it on one machine at a time and dismount it before you expect Dropbox to sync it: the client only sees a consistent volume file once TrueCrypt has finished writing to it, and a volume mounted in two places at once produces conflicting copies.

I have to admit that at first I was skeptical, but the software cooperates surprisingly well, and after the initial sync subsequent syncs occur quickly! I prefer TrueCrypt because it is open source, cross platform, and free (both in freedom and cost). In my experience TrueCrypt also functions and performs better than any other solution, including commercial products like GuardianEdge or PGP, both recently acquired by Symantec.

All security and encryption software should remain open source and peer reviewed to deter harmful tampering. Commercial software written in a black-box vacuum prevents customers from inspecting its code and procedures. We cannot trust software for security when we cannot view its source code; open source does not guarantee that a review has taken place, but it makes one possible.


9 thoughts on “Dropbox Encryption with TrueCrypt”

  1. I thought about using TrueCrypt on my DropBox but then I assumed it would be inefficient, since all the encrypted content would change if I just changed a small portion of the enclosed data.
    Do you have a configuration proposal that doesn’t lead to DropBox having to sync for hours after changing 1KB of my 8GB of encrypted data?

    1. Don’t use an 8 GB volume. I use a volume size of 700 MB and it works really well; the changes sync in about 4 minutes.

      I use 700 MB because it allows me to place it onto a CD-RW. It’s the perfect size for backing up if the need arises.

  2. Obviously, encryption of single files (instead of the whole container) would be way better in this case: mounting an image (ie. the container) on multiple computers at once is probably a pretty dangerous thing. So I would rather suggest ecryptfs (for those with a sane OS), although I have admittedly not yet tried it with DropBox.

  3. Mounting on multiple machines simultaneously does cause all kinds of madness. However, Dropbox syncs at the bit level, so you won’t have any issues with updating the entire volume after you save an individual file inside it, AFAIK.

  4. Using TrueCrypt on DropBox in the way you describe is insecure. It leaves multiple backup copies of your TrueCrypt volume in DropBox’s backups, and opens the volume key to discovery (not your passphrase necessarily, unless you change it often, just the volume/session key in the header)…

    If you do this, for it to be secure, the volume key needs to change every time you edit it (i.e. you need a new volume for every upload). You should create a new truecrypt volume per “save” (i.e. every time you edit something that is encrypted, create a new truecrypt volume and put it in there and remove the old one) so that the volume/session key changes. Obviously this is more painful than the above.

    In short: For stuff you need encrypted, encrypt with GPG from a local copy each time and replace the old one (new session key) or a new TrueCrypt volume (key) per instance of the data.

    (PREEMPTIVE NOTE: CHANGING YOUR PASSPHRASE/KEYFILE DOES NOT CHANGE THE VOLUME KEY – I.E. THE KEY THAT THE DATA IS ENCRYPTED WITH.)

    1. Your research appears correct.

      I would however argue that using some encryption is better than no encryption.

      Total security does not exist. Security eventually amounts to layers of abstraction and obfuscation.

      I could gain a bit more security by naming my TrueCrypt volume ‘pictures.jpg’ vs ‘TrueCryptVolume’.

      Keep in mind the worst enemy of secure systems is the human element.

  5. HackerNews import

    albertzeyer 6 days ago | link

    TrueCrypt doesn’t really work because you can’t mount it from several places at the same time.
    I looked for other solutions which allow this (for example by doing the encryption separately for each file; but I could also think about other things).
    I only found http://www.arg0.net/encfs so far but I haven’t tried it yet. It does the encryption separately for each file.
    reply

    kijinbear 5 days ago | link

    TrueCrypt is OK if you only use Dropbox for backup. But as soon as sync comes into the picture, all hell breaks loose. Remember, a TrueCrypt volume contains an entire file system inside. File systems seriously don’t like it when you modify bits and pieces of it from under their feet. You can’t use any file in the volume until you’ve finished using the volume in the other computer.
    EncFS is somewhat better in terms of sync, because it encrypts each file separately.
    Here’s a nice tutorial: http://pragmattica.wordpress.com/2009/05/10/encrypting-your-
    I have ~2.5GB of encrypted files in my Dropbox, and as long as I don’t try to edit the same file in two places at the same time, it works like a charm. (Conflicts can be nasty, as another comment says. But it’s not as bad as TrueCrypt, because EncFS works per-file.) Editing different files at the same time, on the other hand, is kosher.
    There are, however, a few other problems with EncFS.
    First of all, you can’t mount an EncFS directory tree from Windows. There’s an actively developed Windows port of EncFS out there (which uses Dokan), but I’ve never been able to get it to work properly.
    Also, Windows has a maximum path length limit of 260 chars. Since EncFS pads file names with unique IVs and base64 encodes them after encrypting them, you can reach this limit after only 3-4 levels of subdirectories. Paths which are too long for Windows will simply be omitted from the Windows copy of your Dropbox folder. So if you ever treat the Windows copy as an authoritative backup, you’re in for a nasty surprise. Linux is OK up to 4096 chars. I’m not sure how OSX does it.
    Lastly, Dropbox in Linux tends to choke when you add a large number of files with encrypted filenames. It’s not uncommon for Dropbox to declare a “case conflict” in that situation when there actually isn’t any case conflict. This can seriously damage your EncFS directory tree, because Dropbox adds the phrase “(Case Conflict 1)” to random files and folders. An easy solution is to stop Dropbox, add the files, and restart Dropbox again. But this can get annoying after a while.
    reply

    bobds 5 days ago | link

    That didn’t sound completely right, so I checked it out. You can have a path with ~32k characters actually.
    http://msdn.microsoft.com/en-us/library/aa365247%28VS.85%29….
    I know that not all software supports those long file/path names, so yeah, you are probably in for some surprises.
    reply

    kijinbear 5 days ago | link

    Yes, it’s possible to use up to 32K characters in the path if you use the “\\?\” prefix. Support for this feature may be hit-or-miss, though, so I wouldn’t count on it.
    reply

    cookiecaper 6 days ago | link

    You can do this with ecryptfs, which is built into the kernel. It transparently encrypts each file in a “lower” directory; this directory is mounted to a “higher” directory where the files are transparently encrypted/decrypted as needed. It’s a great solution for this kind of stuff and it lives in the kernel. You don’t have to deal with FUSE or any of that.
    reply

    pbh 6 days ago | link

    encfs didn’t work for me either. See this comment from a year and a half ago:
    http://news.ycombinator.com/item?id=895660
    Dropbox supposedly encrypts server side. If you want to encrypt client-side, use SpiderOak or TarSnap. These hacks on top of Dropbox don’t mesh with the semantics of Dropbox properly and will cause problems days, weeks, or months down the line unless managed extremely carefully.
    reply

    albertzeyer 5 days ago | link

    Yes, I already thought about that case. But I don’t think it should be complicated to extend EncFS to handle that well (to just provide both versions to the end user in that case).
    reply

    dermatthias 6 days ago | link

    I use encFS for the sensitive files inside my Dropbox and it works really well. Because it is a per file based encryption and most of my sensitive files are rather small (<1MB), there are no (noticeable) speed problems.
    In combination with some (really simple) bash scripts for mounting and unmounting, this is imho a good way to encrypt files inside your Dropbox.
    reply

    Locke1689 6 days ago | link

    Instead of attempting a nasty (and possibly insecure) workaround like this, you should use http://www.tarsnap.com/
    reply

    aceofspades19 5 days ago | link

    If you could use tarsnap in Canada, I would totally use it
    reply

    knight99 6 days ago | link

    I am wondering how/if TrueCrypt would properly handle being synced if mounted on multiple machines at the same time. One of the biggest benefits of DropBox to me is being able to access the files instantly on all my computers. If I have to unmount and mount the TrueCrypt volume to change files, that benefit goes away. What happens if I forget to unmount the volume at home, can I safely change the files while away?
    reply

    danieldk 6 days ago | link

    I tried this, and got multiple versions of the truecrypt volume file, filling up my Dropbox account. Pretty nasty, since I had to merge the changes of each variation back in one volume by hand.
    This article resembles the recent posts about using git on Dropbox – I wonder if people actually tried this for a longer period, because it just doesn't work, unless you mount the volume on only one machine at a time and always sync after unmounting (easy to forget after mobile use).
    reply

    jerrya 6 days ago | link

    Yes, I took the plunge one day and put a truecrypt volume on dropbox and then put my quicken files in that truecrypt volume, and, ….
    Major lossage ensued when I found dropbox gave me multiple versions of that truecrypt volume.
    reply

    Groxx 6 days ago | link

    They're not. While the data spaces may not overlap, the file table very likely will (as much of it will fit in a single encryption block), so any parallel changes collide there in even the best circumstance.
    I program out of my TrueCrypt volume while in Windows, unmount it, and let it sync. It's a super-easy backup, and DropBox is the only one I've used that handles a 1GB file correctly, and it does it without a hitch.
    Worst-case-scenario is you do cause a collision, and you just mount both volumes at once and copy stuff to the one you want to keep.
    reply

    hedgehog 6 days ago | link

    Nope, you can only mount the disk one place at a time. It wouldn't be an easy thing to build.
    reply


    1 point by foxhop 6 days ago | link

    I guess more testing would be required to know for sure. It’s good news that both services are free, so it wouldn’t be difficult to test out your circumstances.
    I use Dropbox more like a thumbdrive for temporary transfers and I like to have the warm and fuzzies that my data at rest is protected with strong encryption.
    reply

    vibhavs 5 days ago | link

    I store sensitive data in Dropbox using an OS X encrypted disk image in my Dropbox directory. It's not an elegant solution, but it gets the job done. I mount the password-protected disk image when needed, access the data, and unmount when finished. Upon unmounting, Dropbox syncs the encrypted blocks to S3, other computers, etc.
    (Encrypted disk-images can be fairly handy. I picked up the trick from a friend and colleague who used them to protect email and other sensitive documents on his laptop. E.g. he sym-linked Mail.app's mail directory, ~/Library/Mail, to the disk image.)
    reply

    sunchild 5 days ago | link

    Doesn't this prevent backup/syncing while the image is open?
    reply

    daydream 5 days ago | link

    Sure, but in practice for a single-user dropbox account it's not a big deal, IF you unmount the volume when you're done with it.
    I do the same thing that the GP does – mount the disk image, work with the files, then unmount. It's been working great for me for a while, though as the GP says it's not very elegant.
    reply

    Derbasti 6 days ago | link

    Also, this clearly breaks web access and mobile device access to your files.
    That said, I have been using this scheme for my most valuable data sets for about a year without problems.
    reply

    chanux 6 days ago | link

    My take on encrypting stuff on Dropbox..
    http://chanux.wordpress.com/2010/10/10/portable-encrypted-vi
    (It's not just aimed at Dropbox, but the only place I actually use it is on Dropbox.)
    reply

    iam 6 days ago | link

    I don't profess to know much about security, but unless TrueCrypt does block-level encryption, AND dropbox does block-level syncing, wouldn't this scheme work out really poorly for storing large TrueCrypt volumes?
    reply

    psykotic 6 days ago | link

    Assuming a strong form of encryption with minimal information leakage, avalanching would imply that flipping even a single bit of plaintext in a volume of N bits would force ~N/2 bits of ciphertext to change with a distribution approaching maximum entropy. Flipping any number of bits should have the same statistical effect.
    Of course, that's infeasible for file system encryption and isn't how TrueCrypt works. An idea is to use a one-to-one mapping between TrueCrypt blocks and DropBox files. Write a file system watcher script that picks up changes to files in the DropBox folder and mirrors the changes to the corresponding blocks in a TrueCrypt volume that lives outside the DropBox folder. The other way around, too.
    Do you see anything obviously wrong-headed with this approach? I admittedly don't know the details of TrueCrypt's crypto. If it already does file-level rather than block-level encryption, these tricks wouldn't be necessary. But file-level encryption would seem to leak way too much information to satisfy the truly paranoid.
    reply


    2 points by foxhop 6 days ago | link

    That is a great question. If you find the answer, let me know.
    At this point I have been playing around with 700 MB file volumes. When I make an addition to the volume, it takes about 2 minutes to sync. I have not tested deletions yet.
    reply

    hedgehog 6 days ago | link

    I used to use TrueCrypt + Dropbox to store some important files. Dropbox will detect and sync only the changed portions of your TrueCrypt volume. It takes a while (I think it does some sort of rolling checksum thing to detect differences, so it has to read through the entire thing locally) but works ok. It would only sync when the volume was unmounted though.
    reply
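Added example, not code from the post, from TrueCrypt or from any commenter: a small Python model of the key hierarchy that comment 4 describes, and of the block-level sync behaviour discussed in the HackerNews thread above (and relied on by the procedure in the post). Data sectors are encrypted under a random master key, and the passphrase only unlocks a header that wraps that key, so changing the passphrase rewrites the header and nothing else. Everything below is an assumption made for illustration: the header layout, the PBKDF2 iteration count, the 4 KiB chunk size standing in for the sync client's blocks, the constructed sample sector contents, and the cipher itself, a SHA-256 counter-mode keystream standing in for TrueCrypt's AES-XTS.

```python
"""Toy model of a TrueCrypt-style volume file living in a Dropbox folder.
Added example; not TrueCrypt code. Stand-in cipher, simplified header/KDF."""
import hashlib
import os

SECTOR = 512        # TrueCrypt encrypts the volume in 512-byte sectors
MAGIC = b"TRUE"     # a known value in the header confirms the passphrase
SALT_LEN, KEY_LEN = 16, 32
KDF_ITERS = 2000    # assumption: kept low so the demo runs fast
HEADER_LEN = SALT_LEN + len(MAGIC) + KEY_LEN

def keystream(key, tweak, length):
    """Stand-in tweakable cipher: keystream depends on key and sector index."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + tweak.to_bytes(8, "big")
                              + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt_sector(master_key, index, data):
    """Encrypt or decrypt one sector under the master key, tweaked by its index."""
    assert len(data) == SECTOR
    return xor(data, keystream(master_key, index, SECTOR))

def make_header(passphrase, master_key):
    """Wrap the master key under a key derived from the passphrase (fresh salt)."""
    salt = os.urandom(SALT_LEN)
    header_key = hashlib.pbkdf2_hmac("sha512", passphrase, salt, KDF_ITERS, KEY_LEN)
    body = MAGIC + master_key
    return salt + xor(body, keystream(header_key, 0, len(body)))

def open_header(passphrase, header):
    """Unwrap the master key; a wrong passphrase fails the magic check."""
    salt, wrapped = header[:SALT_LEN], header[SALT_LEN:HEADER_LEN]
    header_key = hashlib.pbkdf2_hmac("sha512", passphrase, salt, KDF_ITERS, KEY_LEN)
    body = xor(wrapped, keystream(header_key, 0, len(wrapped)))
    if body[:len(MAGIC)] != MAGIC:
        raise ValueError("wrong passphrase")
    return body[len(MAGIC):]

class Volume:
    """Volume file = header + independently encrypted sectors."""

    def __init__(self, passphrase, sectors):
        self.master_key = os.urandom(KEY_LEN)   # random, never derived from the passphrase
        self.header = make_header(passphrase, self.master_key)
        self.sectors = [crypt_sector(self.master_key, i, bytes(SECTOR)) for i in range(sectors)]

    def write(self, passphrase, index, plaintext):
        key = open_header(passphrase, self.header)
        self.sectors[index] = crypt_sector(key, index, plaintext.ljust(SECTOR, b"\0"))

    def change_passphrase(self, old, new):
        # Only the header is rewritten; the master key and every data sector stay as they are.
        self.header = make_header(new, open_header(old, self.header))

    def file_bytes(self):
        return self.header + b"".join(self.sectors)

def changed_chunks(before, after, chunk):
    """Chunk indexes whose hash differs: what a block-level sync must upload.
    (Chunk size is a parameter; Dropbox's real chunking is not modelled.)"""
    n = max(len(before), len(after))
    return [i // chunk for i in range(0, n, chunk)
            if hashlib.sha256(before[i:i + chunk]).digest()
            != hashlib.sha256(after[i:i + chunk]).digest()]

def old_header_reads_new_data():
    """Comment 4's scenario: Dropbox kept an old copy of the volume, the owner
    then changed the passphrase, and the attacker knows the old passphrase."""
    vol = Volume(b"old passphrase", sectors=16)
    vol.write(b"old passphrase", 3, b"quicken.qdf v1")          # constructed sample data
    stale_copy = vol.file_bytes()                               # old version retained by Dropbox
    vol.change_passphrase(b"old passphrase", b"new passphrase")
    vol.write(b"new passphrase", 3, b"quicken.qdf v2, written after the change")
    master_key = open_header(b"old passphrase", stale_copy[:HEADER_LEN])
    return crypt_sector(master_key, 3, vol.sectors[3]).rstrip(b"\0")

def rekeyed_volume_resists_old_key():
    """The fix comment 4 proposes: a fresh volume carries a fresh master key."""
    old = Volume(b"pw", sectors=4)
    fresh = Volume(b"pw", sectors=4)
    fresh.write(b"pw", 0, b"secret")
    return crypt_sector(old.master_key, 0, fresh.sectors[0]).rstrip(b"\0") != b"secret"

def chunks_touched_by_one_write(chunk=4096):
    """Why block-level sync works: one sector write changes one chunk of the file."""
    vol = Volume(b"pw", sectors=64)        # 52-byte header + 32 KiB of sectors, 9 chunks
    before = vol.file_bytes()
    vol.write(b"pw", 40, b"one small edit")
    return changed_chunks(before, vol.file_bytes(), chunk)   # [5]
```

`old_header_reads_new_data()` returns the plaintext written after the passphrase change, recovered with nothing but the stale header and the old passphrase, which is exactly why comment 4 says a passphrase change does not help once Dropbox has retained an older copy of the container. `rekeyed_volume_resists_old_key()` shows that only a new master key, i.e. a new volume, cuts that link. `chunks_touched_by_one_write()` returns `[5]`, one chunk out of nine, which is why a small edit inside the container syncs quickly even though the file itself is large, provided the volume is dismounted so the client sees a consistent file.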
