Backup of Sensitive Information

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
User avatar
AAA
Posts: 761
Joined: Sat Jan 12, 2008 8:56 am

Backup of Sensitive Information

Post by AAA » Sat Aug 12, 2017 1:01 pm

I've read some threads on this topic, but things change quickly in this arena so I'm not sure if prior recommendations are up to date. Also, I have a very specific situation - I am using a Mac and have created an encrypted USB drive on which I store financial records. So I insert it into the computer, it asks me for a password and then opens a folder on the desktop. Whenever I make a change to it, I also copy the new files onto a duplicate encrypted drive that I store in another room of my house. So the weak link here is that they are both in my house. Keeping one in a bank vault box would not be convenient as I do updates fairly frequently. As a result, I'm looking at some kind of cloud solution.

I do not trust any online service to protect my data - that is not something I can be convinced to do so please don't try. I understand also that places like Dropbox allow encryption but they keep the password, which I would not want.

I can create an encrypted disk drive on my Mac and then just move the .dmg file to someplace like Dropbox. If I double-click on the disk image in Dropbox, will it ask for a password and open? If so, aren't I putting the password out on the internet? Would it be better to simply update my version of the .dmg file and then overwrite the one that's in Dropbox? Any suggestions to how to most easily accomplish what I want are appreciated.
Last edited by AAA on Sat Aug 12, 2017 5:13 pm, edited 1 time in total.

CppCoder
Posts: 500
Joined: Sat Jan 23, 2016 9:16 pm

Re: Backup of Sensitive Information

Post by CppCoder » Sat Aug 12, 2017 1:31 pm

I would just encrypt the content and upload the encrypted file/files/folder to your cloud service provider. If you ever need to recover locally, just download your file and decrypt it on your machine. I'm not a Mac person, so I can't help you with a workflow specific to your platform.

User avatar
weltschmerz
Posts: 258
Joined: Thu Jul 30, 2009 9:17 pm
Location: SoCal

Re: Backup of Sensitive Information

Post by weltschmerz » Sat Aug 12, 2017 3:02 pm

CppCoder wrote:
Sat Aug 12, 2017 1:31 pm
I would just encrypt the content and upload the encrypted file/files/folder to your cloud service provider. If you ever need to recover locally, just download your file and decrypt it on your machine. I'm not a Mac person, so I can't help you with a workflow specific to your platform.
This ^^^. For local encryption, check out MiniLock. It is freely available as an extension for the Chrome browser, you get it in the Chrome Web Store. I assume you are OK with running Chrome on your Mac. Then just upload the encrypted file to Google Drive, Dropbox, etc.

Here's an article on MiniLock:
https://www.theverge.com/2014/8/4/59606 ... n-chromeos

wassabi
Posts: 341
Joined: Sun Feb 02, 2014 8:06 am

Re: Backup of Sensitive Information

Post by wassabi » Sat Aug 12, 2017 3:18 pm

I use Arq backup software to encrypt my files locally and backup to OneDrive. I only use OneDrive because I have a fee terabyte through Office 365. Arq works with Amazon, google, and quite a few others. Arq is local software that backs up your files, encrypts them locally, and then sends them to the online destination. I know the OP is not interested in online backup - I'm also skeptical and would never store my personal files in Dropbox, OneDrive, or any other place. However, with the encryption happening locally on my machine with my own encryption key I am willing to send my files to the cloud. Arq backs up my files every hour and retains old versions in case I delete or break something. Very highly recommended for a second or third backup option (the first being a local copy).

jebmke
Posts: 6345
Joined: Thu Apr 05, 2007 2:44 pm

Re: Backup of Sensitive Information

Post by jebmke » Sat Aug 12, 2017 3:22 pm

wassabi wrote: Arq backs up my files every hour and retains old versions in case I delete or break something.
This is a critical step. Without versioning, all one has is a mirror. Anything bad that happens on the original risks being done on the "backup" copy.
When you discover that you are riding a dead horse, the best strategy is to dismount.

CppCoder
Posts: 500
Joined: Sat Jan 23, 2016 9:16 pm

Re: Backup of Sensitive Information

Post by CppCoder » Sat Aug 12, 2017 3:42 pm

jebmke wrote:
Sat Aug 12, 2017 3:22 pm
wassabi wrote: Arq backs up my files every hour and retains old versions in case I delete or break something.
This is a critical step. Without versioning, all one has is a mirror. Anything bad that happens on the original risks being done on the "backup" copy.
That's an inefficient way to version, though, unless all your files are treated as binary blobs anyway. Efficient versioning is done by saving file diffs (as with source code). If you encrypt everything first, the files are virtually guaranteed to be 100% different even for minor changes. The only way to version is simply saving the whole encrypted file with a timestamp. If this is done every hour on hard disk sized data, you'd be using massive amounts of storage pretty quickly. I hope the algorithm is at least smart enough to only create backup files when it knows local files have changed.

jebmke
Posts: 6345
Joined: Thu Apr 05, 2007 2:44 pm

Re: Backup of Sensitive Information

Post by jebmke » Sat Aug 12, 2017 3:54 pm

CppCoder wrote:
Sat Aug 12, 2017 3:42 pm
jebmke wrote:
Sat Aug 12, 2017 3:22 pm
wassabi wrote: Arq backs up my files every hour and retains old versions in case I delete or break something.
This is a critical step. Without versioning, all one has is a mirror. Anything bad that happens on the original risks being done on the "backup" copy.
That's an inefficient way to version, though, unless all your files are treated as binary blobs anyway. Efficient versioning is done by saving file diffs (as with source code). If you encrypt everything first, the files are virtually guaranteed to be 100% different even for minor changes. The only way to version is simply saving the whole encrypted file with a timestamp. If this is done every hour on hard disk sized data, you'd be using massive amounts of storage pretty quickly. I hope the algorithm is at least smart enough to only create backup files when it knows local files have changed.
I agree. This works with small data amounts. A real backup system that deals with the data in increments is much better. I have used CrashPlan on and off. I believe it encrypts before transfer and has an option to not store the key with them. I'm sure there are other systems that work in a similar way. I was mainly pointing out that any method that has no versioning is asking for trouble.
When you discover that you are riding a dead horse, the best strategy is to dismount.

wassabi
Posts: 341
Joined: Sun Feb 02, 2014 8:06 am

Re: Backup of Sensitive Information

Post by wassabi » Sat Aug 12, 2017 5:00 pm

CppCoder wrote:
Sat Aug 12, 2017 3:42 pm
jebmke wrote:
Sat Aug 12, 2017 3:22 pm
wassabi wrote: Arq backs up my files every hour and retains old versions in case I delete or break something.
This is a critical step. Without versioning, all one has is a mirror. Anything bad that happens on the original risks being done on the "backup" copy.
That's an inefficient way to version, though, unless all your files are treated as binary blobs anyway. Efficient versioning is done by saving file diffs (as with source code). If you encrypt everything first, the files are virtually guaranteed to be 100% different even for minor changes. The only way to version is simply saving the whole encrypted file with a timestamp. If this is done every hour on hard disk sized data, you'd be using massive amounts of storage pretty quickly. I hope the algorithm is at least smart enough to only create backup files when it knows local files have changed.

Good point. Arq uses de-duplication just like Time Machine (if you're familiar with MacOS).
Here's a link if you're interested. https://www.arqbackup.com/documentation ... nning.html

User avatar
whodidntante
Posts: 1951
Joined: Thu Jan 21, 2016 11:11 pm

Re: Backup of Sensitive Information

Post by whodidntante » Sat Aug 12, 2017 5:19 pm

You do not need to trust online backup services if you handle the encryption yourself, or if the decryption key does not leave your possession. The former could be accomplished with any online backup service, but the latter is more limited. I know crashplan supports that.

What I do is I use two hard drives in rotation. One I keep offsite and disconnected. One is onsite and is synchronized frequently. When enough time passes that you are unwilling to lose the data in the case of fire, theft, etc. then you exchange the drives. For me, that's about two months. For you, it might be just a day.

User avatar
TomatoTomahto
Posts: 6272
Joined: Mon Apr 11, 2011 1:48 pm

Re: Backup of Sensitive Information

Post by TomatoTomahto » Sat Aug 12, 2017 5:49 pm

whodidntante wrote:
Sat Aug 12, 2017 5:19 pm
You do not need to trust online backup services if you handle the encryption yourself, or if the decryption key does not leave your possession. The former could be accomplished with any online backup service, but the latter is more limited. I know crashplan supports that.
I trust Crashplan with my data. Their not having my key would be miserable if I lost/forgot it, but there are very simple ways around that. I trust their process more than I trust havng version control on a physical device that is immune from fire or theft (I,e., stored off site).

mrb09
Posts: 57
Joined: Wed Aug 03, 2016 9:02 am

Re: Backup of Sensitive Information

Post by mrb09 » Sat Aug 12, 2017 6:31 pm

AAA wrote:
Sat Aug 12, 2017 1:01 pm
I can create an encrypted disk drive on my Mac and then just move the .dmg file to someplace like Dropbox. If I double-click on the disk image in Dropbox, will it ask for a password and open? If so, aren't I putting the password out on the internet?
You can create a .dmg file and put in your dropbox folder. Dropbox just knows about your encrypted file, the file is accessed locally on your mac, your dmg password is never sent to dropbox. The dropbox password and the dmg password are completely separate.

I do this with my 1Password file, I sync it to dropbox specifically for device sync, crashplan because it is in my backup folder, and timemachine because it is on my disc. None of those services know anything about the password that is contained within the file.

User avatar
whodidntante
Posts: 1951
Joined: Thu Jan 21, 2016 11:11 pm

Re: Backup of Sensitive Information

Post by whodidntante » Sat Aug 12, 2017 6:35 pm

TomatoTomahto wrote:
Sat Aug 12, 2017 5:49 pm
whodidntante wrote:
Sat Aug 12, 2017 5:19 pm
You do not need to trust online backup services if you handle the encryption yourself, or if the decryption key does not leave your possession. The former could be accomplished with any online backup service, but the latter is more limited. I know crashplan supports that.
I trust Crashplan with my data. Their not having my key would be miserable if I lost/forgot it, but there are very simple ways around that. I trust their process more than I trust havng version control on a physical device that is immune from fire or theft (I,e., stored off site).
Most current encryption is done with Advanced Encryption Standard (AES) or blowfish, which you aren't going to be able to decrypt without the key using current technology. However, AES and blowfish can realistically be decrypted by quantum computers. This threat is realistic enough that the NSA has warned against new deployments of AES, and has recommended the use of quantum resistant encryption. Crashplan is using AES and blowfish. Bitlocker uses AES.

There is some more information here.
https://en.wikipedia.org/wiki/Post-quantum_cryptography

I don't know if anyone cares about that threat, but I wanted to mention it. Physical security and quantum resistant algorithms are worth considering if the data really must remain secret.

Mudpuppy
Posts: 5159
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Backup of Sensitive Information

Post by Mudpuppy » Sun Aug 13, 2017 3:18 pm

You can use a tool like VeraCrypt to create an encrypted "folder" within your Dropbox account. To Dropbox or anyone who breaks into your Dropbox account, it will just appear as one big binary file (and FYI, that means updating the WHOLE THING when you make changes, so keep the VeraCrypt folder size reasonable). You would need the VeraCrypt passphrase to decrypt the file and access the contents.

Mudpuppy
Posts: 5159
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Backup of Sensitive Information

Post by Mudpuppy » Sun Aug 13, 2017 3:23 pm

jebmke wrote:
Sat Aug 12, 2017 3:22 pm
wassabi wrote: Arq backs up my files every hour and retains old versions in case I delete or break something.
This is a critical step. Without versioning, all one has is a mirror. Anything bad that happens on the original risks being done on the "backup" copy.
That happened to a local businessman of rather large prominence in the local media. He was hit with ransomware and his backup solution did not include versioning, so everything was encrypted by the ransomware, including his backups. He lost decades of data, unless someone comes out with a master key for that particular ransomware (or he pays the ransom and actually gets a decryption key from the ransomware authors).

User avatar
AAA
Posts: 761
Joined: Sat Jan 12, 2008 8:56 am

Re: Backup of Sensitive Information

Post by AAA » Mon Aug 14, 2017 12:22 pm

mrb09 wrote:
Sat Aug 12, 2017 6:31 pm
You can create a .dmg file and put in your dropbox folder. Dropbox just knows about your encrypted file, the file is accessed locally on your mac, your dmg password is never sent to dropbox.
In further researching this, I was told that the .dmg encryption password is part of the .dmg file and so technically is sent to Dropbox. This is so because you can put that .dmg file on any other Mac and open it with the .dmg password. But I guess as long as that password is complex enough, it should be safe to leave the .dmg file on Dropbox.

takeshi
Posts: 1018
Joined: Thu Oct 03, 2013 10:02 pm

Re: Backup of Sensitive Information

Post by takeshi » Tue Aug 15, 2017 7:38 am

AAA wrote:
Sat Aug 12, 2017 1:01 pm
I understand also that places like Dropbox allow encryption but they keep the password, which I would not want.
CrashPlan was mentioned above and they give you the option to use a custom key that they don't have access to. I'm guessing they're not the only option.

I was using an encrypted USB drive but switched quite some time ago to using Veracrypt & Dropbox which is also a solution suggested above. Dropbox doesn't have access to the Veracrypt key. I also use CrashPlan -- primarily for backing up data that isn't in my Dropbox but while it's at it I have it back up my Dropbox as well. Time Machine gives me a local backup.
Mudpuppy wrote:
Sun Aug 13, 2017 3:18 pm
and FYI, that means updating the WHOLE THING when you make changes
Dropbox is able to sync only the changed portion of the file. Initial sync was lengthy but my updates are usually small and syncs for the updates are very quick.

lazydavid
Posts: 932
Joined: Wed Apr 06, 2016 1:37 pm

Re: Backup of Sensitive Information

Post by lazydavid » Tue Aug 15, 2017 8:26 am

takeshi wrote:
Tue Aug 15, 2017 7:38 am
Mudpuppy wrote:
Sun Aug 13, 2017 3:18 pm
and FYI, that means updating the WHOLE THING when you make changes
Dropbox is able to sync only the changed portion of the file. Initial sync was lengthy but my updates are usually small and syncs for the updates are very quick.
That is irrelevant for encrypted files. If you change just one byte of a 1GB encrypted file, that will result in a new 1GB file that has close to zero bytes in common with the original file. Ergo, needing to re-upload the whole thing any time changes are made, and rapidly consuming all available storage.

jebmke
Posts: 6345
Joined: Thu Apr 05, 2007 2:44 pm

Re: Backup of Sensitive Information

Post by jebmke » Tue Aug 15, 2017 8:46 am

lazydavid wrote:
Tue Aug 15, 2017 8:26 am
That is irrelevant for encrypted files. If you change just one byte of a 1GB encrypted file, that will result in a new 1GB file that has close to zero bytes in common with the original file. Ergo, needing to re-upload the whole thing any time changes are made, and rapidly consuming all available storage.
That has been my experience with Google Drive as well. I think even a minor change inside the encrypted file results in a complete re-scramble of the entire file. I only put small Veracrypt files on my Google Drive. I mainly do this for archival information since it doesn't really provide a robust versioning. For example, I have all the PDFs of my tax returns back to the 1970s in one Veracrypt file. I make one update every year so it only involves one upload.
When you discover that you are riding a dead horse, the best strategy is to dismount.

barnaclebob
Posts: 1998
Joined: Thu Aug 09, 2012 10:54 am

Re: Backup of Sensitive Information

Post by barnaclebob » Tue Aug 15, 2017 9:10 am

I just keep a hard drive at work that I take home to backup my backup after I file taxes. If all is lost in a fire at home I would only lose pictures that weren't important enough to share on facebook from the last year at worst.

What kind of irreplaceable financial records do you guys keep on your home computer if you don't own a business? Scans of receipts? Budgeting data? Literally the only financial records I keep on my computer are my federal tax returns (no state or local) and I don't have a formal budget. I don't really have a complicated financial life so I'm just curious.

jebmke
Posts: 6345
Joined: Thu Apr 05, 2007 2:44 pm

Re: Backup of Sensitive Information

Post by jebmke » Tue Aug 15, 2017 9:43 am

Most of my statements and confirmations are on my computer. My Quicken file includes the tax basis history for my entire taxable investment account.

A fair amount of my HSA documentation is on my computer.

I am also on a couple of boards for non-profits and perform some free audits of two others. All those records are computerized (and backed up).

Some things are technically replaceable but it would be difficult to do and would be very difficult to remember what was out there if there was a massive failure of the hard disk (losing everything as opposed to having one or two files corrupted).
When you discover that you are riding a dead horse, the best strategy is to dismount.

mrb09
Posts: 57
Joined: Wed Aug 03, 2016 9:02 am

Re: Backup of Sensitive Information

Post by mrb09 » Tue Aug 15, 2017 9:48 am

AAA wrote:
Mon Aug 14, 2017 12:22 pm
mrb09 wrote:
Sat Aug 12, 2017 6:31 pm
You can create a .dmg file and put in your dropbox folder. Dropbox just knows about your encrypted file, the file is accessed locally on your mac, your dmg password is never sent to dropbox.
In further researching this, I was told that the .dmg encryption password is part of the .dmg file and so technically is sent to Dropbox. This is so because you can put that .dmg file on any other Mac and open it with the .dmg password. But I guess as long as that password is complex enough, it should be safe to leave the .dmg file on Dropbox.
Not trying to be too pedantic about this, but this is an important point and a fundamental principle of modern encryption: the key is not stored in the dmg file. Instead, the bits are "scrambled" and "unscrambled" using the key. You absolutely cannot look into the file and get the password. To crack the file, the only way to get in is to generate a test password and try it. So is very important to generate a good password -- the first thing folks do to crack it is run through a dictionary of popular passwords. That can take a few seconds. Past that, with a good password, you're into possible years of computing power to crack.

Blueskies123
Posts: 175
Joined: Sat Nov 15, 2014 7:18 pm
Location: South Florida

Re: Backup of Sensitive Information

Post by Blueskies123 » Tue Aug 15, 2017 10:07 am

wassabi wrote:
Sat Aug 12, 2017 3:18 pm
I use Arq backup software to encrypt my files locally and backup to OneDrive. I only use OneDrive because I have a fee terabyte through Office 365. Arq works with Amazon, google, and quite a few others. Arq is local software that backs up your files, encrypts them locally, and then sends them to the online destination. I know the OP is not interested in online backup - I'm also skeptical and would never store my personal files in Dropbox, OneDrive, or any other place. However, with the encryption happening locally on my machine with my own encryption key I am willing to send my files to the cloud. Arq backs up my files every hour and retains old versions in case I delete or break something. Very highly recommended for a second or third backup option (the first being a local copy).
I was looking at encryption for some files but could not understand an aspect of local encryption keys. You have the key stored locally and then all your hardware is stolen or destroyed. So then you buy a new computer and download your encrypted file how do you decrypt your files without the local key?
FIRE July 2015

jebmke
Posts: 6345
Joined: Thu Apr 05, 2007 2:44 pm

Re: Backup of Sensitive Information

Post by jebmke » Tue Aug 15, 2017 10:15 am

Blueskies123 wrote:
Tue Aug 15, 2017 10:07 am
I was looking at encryption for some files but could not understand an aspect of local encryption keys. You have the key stored locally and then all your hardware is stolen or destroyed. So then you buy a new computer and download your encrypted file how do you decrypt your files without the local key?
You have to maintain a copy of the key somewhere that doesn't get destroyed. This could be in a safe deposit box, your head -- but somewhere. If you don't have it, you do lose the data.
When you discover that you are riding a dead horse, the best strategy is to dismount.

Mudpuppy
Posts: 5159
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Backup of Sensitive Information

Post by Mudpuppy » Tue Aug 15, 2017 10:29 am

takeshi wrote:
Tue Aug 15, 2017 7:38 am
Mudpuppy wrote:
Sun Aug 13, 2017 3:18 pm
and FYI, that means updating the WHOLE THING when you make changes
Dropbox is able to sync only the changed portion of the file. Initial sync was lengthy but my updates are usually small and syncs for the updates are very quick.
A proper encryption methodology should produce output that is indistinguishable from a random file. It's an actual crypto principle called the "real-or-random" test where an observer should not be able to tell if output is from the real crypto algorithm or a random generator at a rate greater than guessing. That means if you change a properly encrypted folder, the entire binary file behind it changes. If it behaved any differently, it would fail the real-or-random test.

Now, VeraCrypt might have an option to separate out its encrypted folder into different underlying files, then only change specific underlying files when the folder changes. Many tools that operate on large files have that option. It would look like one folder to anyone using the tool, but either a series of binary files or a single binary file with an internal series of binary files (a file of files methodology) to anyone not using the tool. That makes it easier to sync, but does make it a little weaker from a cryptanalysis side since it now fails the real-or-random test for the folder as a whole. It gives the attackers monitoring your traffic a tiny bit of an edge, because now they know the "interesting" parts of the folder. They still have to break the underlying encryption, which is impractical currently, but it's still a slightly weaker approach overall.

Honestly, I don't bother with it personally. I use partition-level encryption on a series of rotated external hard drives for backup. One drive stays at work in a locked file cabinet. But that's a more high-level approach than it sounded like the OP wanted.

User avatar
AAA
Posts: 761
Joined: Sat Jan 12, 2008 8:56 am

Re: Backup of Sensitive Information

Post by AAA » Tue Aug 15, 2017 11:18 am

mrb09 wrote:
Tue Aug 15, 2017 9:48 am
Not trying to be too pedantic about this, but this is an important point and a fundamental principle of modern encryption: the key is not stored in the dmg file.
That Wikipedia reference is way over my head but I think I understand what you are saying. If the password for my encrypted file is Hello, a poor password but just a simple example, then the word Hello does not explicitly exist anywhere inside the encrypted file. But when I enter the password Hello, the file uses the password to reconstruct the password and verify it. So in effect, in order to get the password from the encrypted file, you need to know the password or else potentially spend years trying to guess it. If that's correct, then it certainly makes me feel better about putting an encrypted file somewhere like Dropbox. Thanks.

jebmke
Posts: 6345
Joined: Thu Apr 05, 2007 2:44 pm

Re: Backup of Sensitive Information

Post by jebmke » Tue Aug 15, 2017 1:13 pm

The file doesn't use the password to decrypt. The password is used by the program that encrypts or decrypts the data and places it in the file.
When you discover that you are riding a dead horse, the best strategy is to dismount.

Blueskies123
Posts: 175
Joined: Sat Nov 15, 2014 7:18 pm
Location: South Florida

Re: Backup of Sensitive Information

Post by Blueskies123 » Wed Aug 16, 2017 8:52 am

jebmke wrote:
Tue Aug 15, 2017 10:15 am
Blueskies123 wrote:
Tue Aug 15, 2017 10:07 am
I was looking at encryption for some files but could not understand an aspect of local encryption keys. You have the key stored locally and then all your hardware is stolen or destroyed. So then you buy a new computer and download your encrypted file how do you decrypt your files without the local key?
You have to maintain a copy of the key somewhere that doesn't get destroyed. This could be in a safe deposit box, your head -- but somewhere. If you don't have it, you do lose the data.
Will you please answer one other question. If I have to type in the local key does that mean the local key is simply the password used to encrypt the file. When I used Boxcrypter their software said they store the key in the cloud but I still needed a password to open Boxcrypter.
FIRE July 2015

jebmke
Posts: 6345
Joined: Thu Apr 05, 2007 2:44 pm

Re: Backup of Sensitive Information

Post by jebmke » Wed Aug 16, 2017 8:57 am

I think it depends on how the software is designed. From your description it appears that Boxcryptor keeps the key in their system and you have a password to get the key. If this is correct, it isn't a system I would use since it implies that BC has your key and simply has an arrangement to give it to you only if you give them the secret handshake (your password). I only use encryption that keeps the key local (Veracrypt, Keepass).
When you discover that you are riding a dead horse, the best strategy is to dismount.

User avatar
jainn
Posts: 156
Joined: Tue Jun 28, 2011 6:41 pm

Re: Backup of Sensitive Information

Post by jainn » Wed Aug 16, 2017 9:21 am

AAA wrote:
Sat Aug 12, 2017 1:01 pm
I've read some threads on this topic, but things change quickly in this arena so I'm not sure if prior recommendations are up to date. Also, I have a very specific situation - I am using a Mac and have created an encrypted USB drive on which I store financial records. So I insert it into the computer, it asks me for a password and then opens a folder on the desktop. Whenever I make a change to it, I also copy the new files onto a duplicate encrypted drive that I store in another room of my house. So the weak link here is that they are both in my house. Keeping one in a bank vault box would not be convenient as I do updates fairly frequently. As a result, I'm looking at some kind of cloud solution.

I do not trust any online service to protect my data - that is not something I can be convinced to do so please don't try. I understand also that places like Dropbox allow encryption but they keep the password, which I would not want.

I can create an encrypted disk drive on my Mac and then just move the .dmg file to someplace like Dropbox. If I double-click on the disk image in Dropbox, will it ask for a password and open? If so, aren't I putting the password out on the internet? Would it be better to simply update my version of the .dmg file and then overwrite the one that's in Dropbox? Any suggestions to how to most easily accomplish what I want are appreciated.

www.idrive.com - they give you option of keeping your encryption key private during the installation and it is only known to you. The negative for some (not for you), is that if you forget the key, they can't decrypt it or offer any assistance.

It's free for 5gb.

Mudpuppy
Posts: 5159
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Backup of Sensitive Information

Post by Mudpuppy » Wed Aug 16, 2017 10:24 am

Blueskies123 wrote:
Wed Aug 16, 2017 8:52 am
Will you please answer one other question. If I have to type in the local key does that mean the local key is simply the password used to encrypt the file. When I used Boxcrypter their software said they store the key in the cloud but I still needed a password to open Boxcrypter.
I have no familiarity with this software, but according to Boxcryptor's website, they store the private keys encrypted with your password. They tout repeatedly how they use a zero-knowledge approach and how your password never leaves your device. However, they store a double-hashed version of your password on their servers as well. Since the double-hashed passwords and keys encrypted with the password are stored on Boxcryptor's servers, they are vulnerable to an attack intended to steal those two pieces of data.

An attacker cannot use the double-hashed password directly to decrypt the private keys, but they can brute-force the hashing methodology. This is otherwise known as "guess-and-try", where they guess a password, hash it (double-hash in this case), and compare it to the hash they stole to see if there's a match. The speed of this process depends greatly on the hash algorithm used. For example, an attacker equipped with a multi-card GPU rig can guess several billions of MD5 or SHA-family passwords per second, but can only guess thousands of Bcrypt or Scrypt passwords per second. Bcrypt and Scrypt are designed for hashing passwords, so they are designed to be slow to slow down the guess-and-try attack. It looks like Boxcryptor uses a wrapper algorithm called PBKDF2 that is also intended to slow down the guess-and-try attack, but it's not quite as strong as Bcrypt or Scrypt.

What does this mean to the end user? Since the double-hashed password is stored with the data that the password can unlock, it is a bit more vulnerable than an encryption method which never stores the hashed password (regardless of iterations). How feasible that attack is really depends on the computation capacity of the attacker. They do use a methodology to slow down the attack, but slow is not the same as non-existent. Note that try-and-guess can also be used directly against the encrypted data if no password hash is stored, but it's much slower than most try-and-guess attacks against password hashes because it's harder to automate checking if the guess is correct.

User avatar
Ricola
Posts: 593
Joined: Sat Apr 26, 2008 10:38 am

Re: Backup of Sensitive Information

Post by Ricola » Wed Aug 16, 2017 10:49 am

Mudpuppy wrote:
Wed Aug 16, 2017 10:24 am
Blueskies123 wrote:
Wed Aug 16, 2017 8:52 am
Will you please answer one other question. If I have to type in the local key does that mean the local key is simply the password used to encrypt the file. When I used Boxcrypter their software said they store the key in the cloud but I still needed a password to open Boxcrypter.
I have no familiarity with this software, but according to Boxcryptor's website, they store the private keys encrypted with your password. They tout repeatedly how they use a zero-knowledge approach and how your password never leaves your device. However, they store a double-hashed version of your password on their servers as well. Since the double-hashed passwords and keys encrypted with the password are stored on Boxcryptor's servers, they are vulnerable to an attack intended to steal those two pieces of data.

An attacker cannot use the double-hashed password directly to decrypt the private keys, but they can brute-force the hashing methodology. This is otherwise known as "guess-and-try", where they guess a password, hash it (double-hash in this case), and compare it to the hash they stole to see if there's a match. The speed of this process depends greatly on the hash algorithm used. For example, an attacker equipped with a multi-card GPU rig can guess several billions of MD5 or SHA-family passwords per second, but can only guess thousands of Bcrypt or Scrypt passwords per second. Bcrypt and Scrypt are designed for hashing passwords, so they are designed to be slow to slow down the guess-and-try attack. It looks like Boxcryptor uses a wrapper algorithm called PBKDF2 that is also intended to slow down the guess-and-try attack, but it's not quite as strong as Bcrypt or Scrypt.

What does this mean to the end user? Since the double-hashed password is stored with the data that the password can unlock, it is a bit more vulnerable than an encryption method which never stores the hashed password (regardless of iterations). How feasible that attack is really depends on the computation capacity of the attacker. They do use a methodology to slow down the attack, but slow is not the same as non-existent. Note that try-and-guess can also be used directly against the encrypted data if no password hash is stored, but it's much slower than most try-and-guess attacks against password hashes because it's harder to automate checking if the guess is correct.
Mudpuppy,
What is you opinion of Cryptomator? compared to Veracrypt?
Thanks

Mudpuppy
Posts: 5159
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Backup of Sensitive Information

Post by Mudpuppy » Wed Aug 16, 2017 11:26 am

Ricola wrote:
Wed Aug 16, 2017 10:49 am
Mudpuppy,
What is you opinion of Cryptomator? compared to Veracrypt?
Thanks
I'm not familiar with Cryptomator, but while it is open-source, it does not appear to have been independently audited with formalized, published results. Veracrypt on the other hand has been independently audited: https://ostif.org/the-veracrypt-audit-results/

Auditing is an important aspect of security tools because the tools are coded by humans and humans make mistakes. Every tool has a vulnerability, it's just a matter of whether or not that vulnerability has been discovered and addressed. Having another set of eyeballs look at the source code can help spot issues that the developers have become "blind" to because they're human and humans have the tendency to overlook minutia in things they deal with on a daily basis.

User avatar
weltschmerz
Posts: 258
Joined: Thu Jul 30, 2009 9:17 pm
Location: SoCal

Re: Backup of Sensitive Information

Post by weltschmerz » Wed Aug 16, 2017 9:15 pm

I see a lot of recommendations in this thread for Veracrypt. I have used it and I liked it, but my concern is that one day soon, everything will be "in the cloud", so I don't want to have to rely on any programs that I have to install on my own computer. My computer is pretty old and I am planning for its successor to be a Chromebook, so I need a web-based encryption tool. I have used MiniLock for this in the past, but it sounds like Boxcryptor may also be worth looking at.

Post Reply