What Do You Use To Store Digital Files
September 22, 2019 6:44 AM Subscribe
Hi Folks,
Quick question - what do you use to store sensitive files such as tax returns, medical records, etc.
Dropbox doesn't offer encryption - I'd like a place to store the files in a safe way; also, if they can be stored online and not on my hard drive, that would safe me a lot of space.
Best answer: I use Cryptomator, and have been using it for several years. It works nicely in Dropbox for sharing sensitive files with my wife in a Dropbox shared folder. Perhaps create one vault per year and set the older years as online-only.
I used Boxcryptor previously, but their $48/year plan wasn’t worth it to me.
Another possibility might be Keybase, but I haven’t used it that much.
posted by dttocs at 7:05 AM on September 22, 2019 [1 favorite]
I used Boxcryptor previously, but their $48/year plan wasn’t worth it to me.
Another possibility might be Keybase, but I haven’t used it that much.
posted by dttocs at 7:05 AM on September 22, 2019 [1 favorite]
Keybase is pretty great for this. The drive mounting (on OSX) seems solid but I haven’t put it through its paces a ton.
posted by supercres at 8:03 AM on September 22, 2019
posted by supercres at 8:03 AM on September 22, 2019
I keep them in a password-protected (and encrypted) OneNote notebook, which is shared on my Microsoft OneDrive account. I'd been fairly blasé about security, but looking it up, it seems it's plenty good enough (unlike password protecting Office documents).
posted by ambrosen at 8:27 AM on September 22, 2019
posted by ambrosen at 8:27 AM on September 22, 2019
zip them up in a password protected file (I use 7zip to do this) and then upload them to Dropbox or your desired cloud service.
posted by soelo at 8:36 AM on September 22, 2019 [4 favorites]
posted by soelo at 8:36 AM on September 22, 2019 [4 favorites]
Dropbox does actually encrypt your files when at rest, with keys derived from a hash function over the contents of the file itself; this technique allows multiple copies of identical content to be stored as a single file on their servers and just linked from multiple accounts. This means that the only way to decrypt a file stored on Dropbox is to have had prior access to the decrypted version at some point. For example, in order for an attacker to decrypt your medical records after stealing them from a Dropbox server, they must also either have stolen your account information as well, or must already have had prior access to your medical records to generate the right hash code to decrypt them with, making the theft from Dropbox somewhat pointless.
Presumably Dropbox has a few more layers of security around their key/account servers than around their encrypted bulk storage, but you're completely correct not to trust any encryption that isn't done on equipment in your sole control with keys known only to you.
You can encrypt any file or collection of files by wrapping them in a password protected 7Zip archive. 7Zip password protection is implemented using AES256 encryption, so it's safe enough for most purposes provided you're careful about making sure that decrypted versions don't accidentally get left lying around after archives get created and/or opened. Best practice is to right-click an encrypted archive and extract it to a specific location rather than just opening it with a double-click, because the latter is implemented using extraction to a temp folder that it's often hard to find and easy to forget to clean up afterwards.
Use decent password management software like KeePass to generate and remember a long, random, unique encryption password for each archive you make, as well as remembering its online URL if you then store it in a sharing service like Dropbox.
7Zip and KeePass have both been around for a good long while and are likely to remain supported indefinitely on most platforms.
Small files like banking details that you're likely to want to read fairly often can be stored inside your encrypted KeePass database itself, as attachments to entries created inside that database. This gives them the same level of protection as your passwords: multiple rounds of AES256 encryption and great care taken by the software not to leave decrypted remnants lying about in your filesystem or RAM for extended periods.
posted by flabdablet at 8:53 AM on September 22, 2019 [8 favorites]
Presumably Dropbox has a few more layers of security around their key/account servers than around their encrypted bulk storage, but you're completely correct not to trust any encryption that isn't done on equipment in your sole control with keys known only to you.
You can encrypt any file or collection of files by wrapping them in a password protected 7Zip archive. 7Zip password protection is implemented using AES256 encryption, so it's safe enough for most purposes provided you're careful about making sure that decrypted versions don't accidentally get left lying around after archives get created and/or opened. Best practice is to right-click an encrypted archive and extract it to a specific location rather than just opening it with a double-click, because the latter is implemented using extraction to a temp folder that it's often hard to find and easy to forget to clean up afterwards.
Use decent password management software like KeePass to generate and remember a long, random, unique encryption password for each archive you make, as well as remembering its online URL if you then store it in a sharing service like Dropbox.
7Zip and KeePass have both been around for a good long while and are likely to remain supported indefinitely on most platforms.
Small files like banking details that you're likely to want to read fairly often can be stored inside your encrypted KeePass database itself, as attachments to entries created inside that database. This gives them the same level of protection as your passwords: multiple rounds of AES256 encryption and great care taken by the software not to leave decrypted remnants lying about in your filesystem or RAM for extended periods.
posted by flabdablet at 8:53 AM on September 22, 2019 [8 favorites]
Zip file password protection, by the way, is not as strong as 7Zip password protection.
posted by flabdablet at 8:56 AM on September 22, 2019
posted by flabdablet at 8:56 AM on September 22, 2019
I keep at least two backups, both in an encrypted file. One is in a Google drive, the other is on a flash drive hidden at a trustworthy friend's house.
posted by Candleman at 9:13 AM on September 22, 2019
posted by Candleman at 9:13 AM on September 22, 2019
I also really like Tresorit for Dropbox-like functionality with end-to-end encryption. Can be more expensive than some competitors, but I have found them to be super reliable and their customer service is great.
Also see: wiki entry on Tresorit
posted by bitterkitten at 10:59 AM on September 22, 2019 [1 favorite]
Also see: wiki entry on Tresorit
posted by bitterkitten at 10:59 AM on September 22, 2019 [1 favorite]
You are going to get different answers depending on who you are protecting your files from, for how long, and how much hassle you are willing to put up with.
First example: others have recommended 7zip. It uses good AES, but the way they translate your password into an AES key is goofy. (Cat plus medium big number of sha iterations instead of a known good key derivation function like argon). This used to be good enough, but the bitcoin and GPU world has created machines that make cracking affordable to people with a couple hundred dollars today. If you are worried by The Man today or anybody 10 years from now, that’s not good enough. If you just want to be protected if you accidentally share a Dropbox folder, it’s probably ok. You can raise your odds/ time horizon by using an absurdly strong password (30 random characters) generated by your password safe (bitwarden, onepassword).
If you want a dropbox like thing with strong encryption and security that will last for decades, the most rigorous design I’ve seen is spideroak.com.
If you want to encrypt backups against high schooler hackers 10 years from now, most backup tools have pretty good encryption and are easy to use consistently. Borgbase, tarsnap and duplicati are all good examples, and they can put the encrypted backups in the cloud.
If you are on a Mac, it is easy to set up an “encrypted disk image” , a file that acts like a hard drive, and one password will encrypt the whole drive. The file can be copied to the cloud for backup. You can do this on windows, but it is more complicated to set up.
posted by unknown knowns at 11:26 AM on September 22, 2019 [2 favorites]
First example: others have recommended 7zip. It uses good AES, but the way they translate your password into an AES key is goofy. (Cat plus medium big number of sha iterations instead of a known good key derivation function like argon). This used to be good enough, but the bitcoin and GPU world has created machines that make cracking affordable to people with a couple hundred dollars today. If you are worried by The Man today or anybody 10 years from now, that’s not good enough. If you just want to be protected if you accidentally share a Dropbox folder, it’s probably ok. You can raise your odds/ time horizon by using an absurdly strong password (30 random characters) generated by your password safe (bitwarden, onepassword).
If you want a dropbox like thing with strong encryption and security that will last for decades, the most rigorous design I’ve seen is spideroak.com.
If you want to encrypt backups against high schooler hackers 10 years from now, most backup tools have pretty good encryption and are easy to use consistently. Borgbase, tarsnap and duplicati are all good examples, and they can put the encrypted backups in the cloud.
If you are on a Mac, it is easy to set up an “encrypted disk image” , a file that acts like a hard drive, and one password will encrypt the whole drive. The file can be copied to the cloud for backup. You can do this on windows, but it is more complicated to set up.
posted by unknown knowns at 11:26 AM on September 22, 2019 [2 favorites]
I save those things in a veracrypt file that resides on dropbox
posted by kbuxton at 11:44 AM on September 22, 2019
posted by kbuxton at 11:44 AM on September 22, 2019
you're completely correct not to trust any encryption that isn't done on equipment in your sole control with keys known only to you.
You are going to get different answers depending on who you are protecting your files from, for how long, and how much hassle you are willing to put up with.
Seconding both.
Do you expect to access the files regularly or only archive and perhaps never look at again?
posted by Bangaioh at 12:21 PM on September 22, 2019
You are going to get different answers depending on who you are protecting your files from, for how long, and how much hassle you are willing to put up with.
Seconding both.
Do you expect to access the files regularly or only archive and perhaps never look at again?
posted by Bangaioh at 12:21 PM on September 22, 2019
I noticed OneDrive has a new “personal vault” which is encrypted for secure item storage. I get onedrive because I pay for an office365 subscription for my family to have office on our personal computers.
I also use Bitwarden for a password manager which has file attachment storage if you pay for premium. It’s good for a few sensitive documents. I recommend it.
posted by escher at 5:40 PM on September 22, 2019
I also use Bitwarden for a password manager which has file attachment storage if you pay for premium. It’s good for a few sensitive documents. I recommend it.
posted by escher at 5:40 PM on September 22, 2019
Seconding SpiderOak. No connection with them except as long-time contented customer.
posted by humbug at 6:39 PM on September 22, 2019
posted by humbug at 6:39 PM on September 22, 2019
I use Syncthing, which is like a Dropbox you can host yourself. My laptop has full-disk encryption, and the server I run from my house has full-disk encryption too, so I consider this reasonably secure for my purposes. (I also claim that this counts as backing up my stuff, although there's still some risk I will misconfigure Syncthing or it will have a bug and everything will get blown away on both machines.) It works well for me.
posted by value of information at 1:58 AM on September 23, 2019
posted by value of information at 1:58 AM on September 23, 2019
the way they translate your password into an AES key is goofy
True, but if you're using a unique and very long password randomly generated by KeePass, this doesn't matter. And if you're not doing that, you should be. Not even argon is going to turn pa55w0rd or hunter2 into a safe encryption key.
KeePass gives you an entropy estimate for the passwords it generates, based on the alphabet size and password length. If you're generating random passwords to be used as encryption keys, and you crank the generator settings up so that the password itself represents more than 256 bits of entropy, it really doesn't matter what method is subsequently used to translate that into a 256-bit key for use by AES256 as long as that method is not completely stupid broken.
Good key derivation functions like argon are good because they make the process of turning passwords into encryption keys very slow, so that even if the original password has many fewer than 256 bits of entropy it will still take so much time to make a 256-bit key out of each password in the search space as to make brute-force key retrieval infeasible. In effect, the extreme sloth of the key derivation function works like some amount of extra entropy added to the password. But if the password is at least 256 bits strong to begin with, then as long as the key derivation function doesn't actually lose entropy it doesn't matter how quick it is.
posted by flabdablet at 6:01 AM on September 23, 2019
True, but if you're using a unique and very long password randomly generated by KeePass, this doesn't matter. And if you're not doing that, you should be. Not even argon is going to turn pa55w0rd or hunter2 into a safe encryption key.
KeePass gives you an entropy estimate for the passwords it generates, based on the alphabet size and password length. If you're generating random passwords to be used as encryption keys, and you crank the generator settings up so that the password itself represents more than 256 bits of entropy, it really doesn't matter what method is subsequently used to translate that into a 256-bit key for use by AES256 as long as that method is not completely stupid broken.
Good key derivation functions like argon are good because they make the process of turning passwords into encryption keys very slow, so that even if the original password has many fewer than 256 bits of entropy it will still take so much time to make a 256-bit key out of each password in the search space as to make brute-force key retrieval infeasible. In effect, the extreme sloth of the key derivation function works like some amount of extra entropy added to the password. But if the password is at least 256 bits strong to begin with, then as long as the key derivation function doesn't actually lose entropy it doesn't matter how quick it is.
posted by flabdablet at 6:01 AM on September 23, 2019
« Older Why can't I unfreeze one of my three credit scores... | Cool, Feminine, and Comfortable Newer »
This thread is closed to new comments.
posted by mathiu at 7:02 AM on September 22, 2019