The Notepad is old and grody

Encryption and DropBox: Comparing TrueCrypt and BoxCryptor

Scribbled  · PDF · ◊Pollen source

If you’re a DropBox user, you may have heard about the security weakpoints associated with their cloud storage service (or any such service):

  1. DropBox has had security issues that left users’ information exposed to hackers for hours at a time. Could it happen again? Certainly.
  2. DropBox staff have the ability to access your files without your knowledge. They have acknowledged that essentially the only thing between their staff and your data are internal company policies. This is much weaker than zero-knowledge systems like SpiderOak, where it is not even technically possible for staff to access users’ files without the user’s key.

Even knowing these weaknesses, I use DropBox anyway. Having access to some (not all, obviously) potentially sensitive files on multiple computers/phones is helpful enough for me to find some way to mitigate the security risks.

It’s important to note that if you’re putting sensitive files on DropBox purely as a backup solution, you should just stop. Find some other way to back those files up. But if, like me, you find it extremely helpful to have access to certain moderately sensitive files from multiple devices, you should find a way to add a layer or two of security to those files before storing them on a cloud service like DropBox.

There are two good ways that I have found to do this. Both are free, and neither involve sending any of your data or keys to an additional third party—all the magic happens on your computer or device. However, there are trade-offs associated with each.

The TrueCrypt Option

The most commonly offered solution is to place your sensitive files in a TrueCrypt volume and save that volume file into your DropBox.



The BoxCryptor option

BoxCryptor is a newer solution that works by encrypting individual files on your computer, before they are sent to DropBox. Like TrueCrypt, the software runs on both Windows and Mac OS.




Conversation CommunicationsOctober 23, 2012

I’m still debating this quandary.

TeddyDecember 06, 2012

It is possible to access TrueCrypt volumes on Android. There is an app called EDS which lets you open TrueCrypt volumes, even ones in DropBox.

I believe I saw a similar app for iOS devices.