
OT: Dropbox and Skydrive encryption


Posted by dan7000
Oct 24, 2014 at 04:56 PM


I think it’s foolhardy to trust any company in any country with data you really want to keep secure. The only way to ensure it’s secure is if it is encrypted *locally* (on your local machine) with a strong passphrase that is never stored anywhere. You want a system where there is no way for the server administrator to ever decrypt your data—the only way for the data to be decrypted is if you personally disclose the passphrase. Locally-encrypted systems are more likely to have this type of security.

I believe that Boxcryptor Classic provides such a system. If I recall correctly, the new version of Boxcryptor does not.

The next-best is to have data that is encrypted on the server but using a key that is not stored anywhere. The problems with this type of system are (a) you transmit your password to the server, so it’s always possible it’s stored in some cache; and (b) there is more likely a backdoor, because when your key is transmitted to the server it’s possible they use it to create a dual-key encryption where they keep one backdoor key even though they don’t have your primary key. This is not possible with locally encrypted systems where your password is never transmitted to the server. I think Apple’s newly-announced iCloud security seems to be in this league, and they say they don’t keep a backdoor or a copy of your password and cannot decrypt the data for law enforcement, so if you take them at their word that’s a good model.

Note that any system where you can share your files with someone else has to have some kind of a second key. Mega.com (the successor to Megaupload) has this type of system. They have some type of complicated scheme where they say they don’t save the second key, and have run a contest to break their security which I believe resulted in no successful hacks, but because of the second key this system is inherently less secure. (And of course there’s the question of whether you want to give your data to Kim Dotcom…) It’s possible the new iCloud has this unstored second-key issue too - I don’t know if you can share a file with someone else with it.

Either way, the point is that you don’t want to rely on trusting some company—anywhere in the world—if they have any way to decrypt your data. It doesn’t matter what country it is. The Hague Convention and other treaties allow for civil and criminal discovery in most countries, meaning that a subpoena from the U.S. will be enforced in those countries if it satisfies various requirements. Plus, just because a company is located in one country does not ensure that they will always host their data there, particularly if the company changes ownership. Local encryption with a long passphrase you never transmit anywhere is the best solution - that way you trust yourself, not some company.
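As an added illustration of the model the post argues for (not code from the post, Boxcryptor or any of the services named), here is a client-side envelope-encryption sketch in Ruby using only its bundled OpenSSL binding: the passphrase never leaves the client, the sync server receives only ciphertext plus a wrapped file key, and sharing a file means adding a second wrapping of that key, which is exactly the "second key" the post says makes sharing-capable systems weaker. The PBKDF2 iteration count and the out-of-band recipient key are assumptions for the demo.

```ruby
require 'openssl'
require 'securerandom'

ITER = 200_000 # PBKDF2 iteration count (assumed value for this demo)

# Passphrase -> key-encryption key (KEK). Runs on the client only; neither
# the passphrase nor the KEK is ever part of what gets uploaded.
def derive_kek(passphrase, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, ITER, 32, 'sha256')
end

def aead_encrypt(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  c.auth_data = ''
  { iv: iv, ct: c.update(plaintext) + c.final, tag: c.auth_tag }
end

def aead_decrypt(key, blob)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob[:iv]
  c.auth_tag = blob[:tag]
  c.auth_data = ''
  c.update(blob[:ct]) + c.final # raises OpenSSL::Cipher::CipherError on a wrong key
end

# Client side: a random per-file key encrypts the data and the KEK wraps that
# file key. The returned hash is everything the sync server ever receives.
def client_upload(passphrase, plaintext)
  file_key = SecureRandom.random_bytes(32)
  salt = SecureRandom.random_bytes(16)
  { salt: salt,
    wraps: { owner: aead_encrypt(derive_kek(passphrase, salt), file_key) },
    data: aead_encrypt(file_key, plaintext) }
end

def client_download(passphrase, stored)
  file_key = aead_decrypt(derive_kek(passphrase, stored[:salt]), stored[:wraps][:owner])
  aead_decrypt(file_key, stored[:data])
end

# Sharing: the owner unwraps the file key locally and re-wraps it under a key the
# recipient holds (assumed exchanged out of band; a real system would use the
# recipient's public key). The stored object now carries a second route to the
# file key, so its secrecy no longer rests on the owner's passphrase alone.
def share(owner_pass, stored, recipient_key)
  file_key = aead_decrypt(derive_kek(owner_pass, stored[:salt]), stored[:wraps][:owner])
  stored.merge(wraps: stored[:wraps].merge(recipient: aead_encrypt(recipient_key, file_key)))
end

def download_shared(recipient_key, stored)
  aead_decrypt(aead_decrypt(recipient_key, stored[:wraps][:recipient]), stored[:data])
end
```

A server operator holding `stored` can run `client_download` all day without the passphrase and only ever get a `CipherError`; once `share` has been applied, compromise of the recipient key is a second, independent way in.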