Backup and Sync Personal Data with Dropbox and TrueCrypt

Dropbox is an easy and useful way to sync files across multiple computers. You can even share folders (and photos) with friends, family and co-workers. It’s also great as a simple backup solution for small documents.

Using it as a backup solution raises a question: what do you do if those documents are sensitive, such as financial records, bank statements, or scans of your passport?

Introducing Dropbox:

Dropbox is a file syncing service, living in “the cloud” (a fancy new name for off-site). What makes Dropbox nice is that your files are not only stored in Dropbox world, they also reside locally on your computer. You don’t need an internet connection to access them.

With a 2GB limit for free, it’s a pretty nifty service and can easily be used as an offsite solution for backing up important documents.

Why You Need to Encrypt Sensitive Files:

Dropbox’s servers aren’t yours. Even though they encrypt the transfer using SSL, the data itself is not stored in an encrypted format. Now, what happens if a rogue employee decides they want to snoop through your data? What about a hacker breaching their systems? What about if the government decides it wants to vacuum up Dropbox data, a la AT&T?

So, the solution is to use TrueCrypt to create an appropriately encrypted container. Then you put personal data inside the encrypted storage area and send it up to Dropbox.

Creating the TrueCrypt volume:

I’ve already written an article on creating an encrypted TrueCrypt volume. But before you read that tutorial and create your volume, we need to talk about how big of a container to create.

Size Concerns and Upload Rate:

When you sync with Dropbox for the first time, you’re going to find it takes a while. In some cases, it could take a long while. See, most internet services give you a large download rate (downstream) and a small upload rate (upstream). This is very common if you have DSL at home.

Cable Internet gives you a much more liberal upload rate but if you abuse it they will cap you and it’s not pretty. This is a very real concern with the future of cloud storage, online backup, video sharing and photo sending. In order to stay in the good graces of your cable provider, I’d recommend throttling your upload speed. But doing so will make your transfers take much longer.

This brings us to my point – you are going to want to create small encrypted volumes within Dropbox. I recommend no more than 256MB, preferably 128MB. If you have a small upload rate (DSL), 64MB may be more manageable for you.

A small sized encrypted volume is also a good idea as you get into adding and changing files inside it. They have to be synchronized and it could take a few minutes for the upload to finish. If you run out of room and need more space, create (or copy) additional volumes.

Working with TrueCrypt and Dropbox:

Now that you have your appropriately sized TrueCrypt volume, working with it in Dropbox is easy. Just drop the volume into your Dropbox folder and it will begin to sync. Once it’s synced, open up the volume and put your files inside. When you are finished, eject / dismount the encrypted volume. Now, you’re going to notice something very important… Dropbox isn’t syncing to update your TrueCrypt volume.

This isn’t entirely a bad thing. It’s actually very secure.

With encryption, if someone can get ahold of and record the changes within an encrypted container, over time this may give them an advantage in cracking the encryption. It’s actually a good thing that TrueCrypt’s checksums don’t change that often. Now I have noticed it sync once (the very first time) but was never able to reproduce the sync after many tries.

What to do about TrueCrypt not syncing:

You have basically two options, depending on how much the non-syncing bothers you.

1. Use an encrypted .DMG from OS X instead.
2. Continue to use TrueCrypt but manually push the sync.

First, OS X encrypted volumes will sync as soon as you dismount. It works wonderfully. The downside to using an OS X encrypted volume is that it’s not cross-platform compatible. If you don’t care about Windows / Linux compatibility, here’s a tutorial on how to create the encrypted volume within OS X. Just be sure to choose AES-256 as your encryption scheme.

Note: You may be able to work in Windows with encrypted .DMGs via Catacombae’s hfsexplorer. However, it’s compatible with AES-128 and doesn’t say anything about AES-256. AES-128 is less secure than AES-256.

If you want true compatibility and much stronger security – I recommend you stick with TrueCrypt. All you’ll need to do is force Dropbox to sync the volume. This is how you do it:

- Close / Dismount / Eject the TrueCrypt volume.

- Drag it out of your Dropbox folder (onto the Desktop).

- Let Dropbox sync to remove the TrueCrypt volume.

- Drag the TrueCrypt volume back into your Dropbox folder.

- Dropbox will sync your TrueCrypt volume.

The only downside is that you’ll have to re-upload the entire volume, which is annoying if you’re on a slow connection. Just be sure to allow for this time: with DSL, it could take 20-30 minutes to sync a 64MB file.
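An added example (not part of the original post): a check to run after dismounting that tells you whether the container's bytes differ from what was last pushed, even when its size and modification time are unchanged, so you know when the forced sync above is needed. It assumes a sync client decides from that metadata, which the post does not confirm; the file name `documents.tc` and the `.state` file are hypothetical.

```python
import hashlib
import json
import os
import tempfile


def fingerprint(path):
    """Size, mtime and SHA-256 of a dismounted container file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest.hexdigest()}


def record_sync(path, state_file):
    """Run after a forced sync completes: remember what was uploaded."""
    with open(state_file, "w") as fh:
        json.dump(fingerprint(path), fh)


def check_container(path, state_file):
    """Compare the container with the state saved at the last forced sync."""
    with open(state_file) as fh:
        old = json.load(fh)
    new = fingerprint(path)
    return {
        "content_changed": new["sha256"] != old["sha256"],
        "metadata_changed": (new["size"], new["mtime_ns"]) != (old["size"], old["mtime_ns"]),
    }


def demo():
    """Constructed sample: a 64 KiB stand-in for a container file."""
    with tempfile.TemporaryDirectory() as tmp:
        vol = os.path.join(tmp, "documents.tc")  # hypothetical file name
        with open(vol, "wb") as fh:
            fh.write(b"\xaa" * 65536)
        record_sync(vol, vol + ".state")
        saved = os.stat(vol)
        with open(vol, "r+b") as fh:  # in-place edit, same size
            fh.seek(4096)
            fh.write(b"\x55" * 512)
        os.utime(vol, ns=(saved.st_atime_ns, saved.st_mtime_ns))  # assumed: mtime kept
        return check_container(vol, vol + ".state")


if __name__ == "__main__":
    print(demo())
```

When `content_changed` is true and `metadata_changed` is false, the local container is newer than the copy last uploaded; call `record_sync` again once the forced sync has finished.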

Author: David Balogh

2 Comments

  1. Tetsuo says:

    Just a side note. The data on Dropbox is encrypted with AES-254, and your password is probably the key (not sure, might be KEK).
    Read here >> https://www.dropbox.com/help/27

  2. David Balogh says:

    @Tetsuo

    Yes, Dropbox transfers and stores in an encrypted environment and I agree, it does look like your password is the key. However, who else has access to your password? What happens if Dropbox does have a breach? (It’s not like banks and military have never had any incidents..) What happens if a government or local agency wants access to your files?

    Basically, putting your important personal files in an encrypted volume gives you an extra layer of security against anything that may or may not happen.