That’s why it falls to “Evil Maids”: the threat model doesn’t really accommodate attackers with multiple bites at the (physical) apple. Remember that disk encryption is designed to counter an attacker with very limited capabilities. To quote from the latter mentioned blog post: Also, see this question Is it safe to have a TrueCrypt container file synced with DropBox? as well as the blog post You Don't Want XTS. In conclusion, as long as VeraCrypt is using XTS, it shouldn't be used with Dropbox. However, Dropbox is not a regular "storage device" or "block-oriented storage device"! In 2007, it was also approved by the IEEE for cryptographic protection of data on block-oriented storage devices (IEEE 1619). In 2010, XTS mode was approved by NIST for protecting the confidentiality of data on storage devices. The mode of operation used by VeraCrypt for encrypted partitions, drives, and virtual volumes is XTS. Thanks, me. Unfortunately, I think the answer should be: Don't use a VeraCrypt container with Dropbox, at all. I’ll upload some of the larger and less sensitive data directly to Cryptomator’s vault, for the more sensitive files I will encrypt with VC first. Metadata aside, VeraCrypt uses XTS which has its flaws. After some thinking (I need to stop editing posts so frequently), I think I will do both. And it’s not so obvious to me. Also, there are advantages to using multiple encryption services. The decision I have to make here is, whether or not that’s important to me. Anyone with access to the cloud provider’s files (and since I’d be using either Google or Dropbox, I’d assume it’s completely out in the open) would have access to metadata and know what files have been changed and how often they’re changed, thus knowing which files are probably more important than others. And as I said earlier, it leaks metadata, leading to less plausible deniability.
I can understand the benefit of file-based backup, however my only concern here is that I’d be putting my trust in the hands of Cryptomator, which is an online encryption service, while VeraCrypt is offline and that’s why I trust it more. VeraCrypt has protections such as plausible deniability. I want to automate backups and syncing between devices isn’t a useful feature for me. Cryptomator leaks metadata, while VeraCrypt does not. What purpose does Cryptomator serve here? VC is unarguably better for local encryption than Cryptomator, but Cryptomator has cloud integration - or in other words, it automates the backup process and handles syncing - which is not what I need. I could just upload directly to Google after encrypting with VC. I’m thinking Google because it has stronger security, and privacy issues are not a problem considering I won’t be uploading anything that isn’t double-encrypted with VC and Cryptomator. Assuming I encrypt files with VC first, and use Cryptomator to encrypt again and upload to Google…I’m thinking Cryptomator might be unnecessary. I will probably use either Dropbox or Google as my cloud provider. That may seem redundant to some but that’s just how I want to do it. Even if I use Cryptomator, I will first encrypt using VC. I rely on VeraCrypt as my first line of defense with encryption. However, I question its usefulness for my particular case. I’ve done a bit of research about Cryptomator and I like it.