For the record, I understand that absolutely no service is safe, and "the only way to keep a computer from getting hacked is to never connect it to the network". So, we've got that out of the way.

I wanted to understand this: Dropbox has started encrypting its data at rest with 2048-bit AES encryption. So, my simple question is, do we still need to encrypt our Dropbox contents with TrueCrypt?

Are there any real advantages in terms of security/encryption in using Dropbox?

6  
Welcome to Information Security SE. Is this question about Box or Dropbox? I assumed the latter and edited, feel free to rollback. Can you source the "2048-bit AES"? – Jedi yesterday
30  
For the record, 2048-bit AES doesn't exist. AES is a common symmetric encryption standard with three variants that all use a block size of 128 bits with a key that is either 128, 192, or 256 bits (that is, the key is a random number that is 128, 192, or 256 bits long). However, RSA, a common asymmetric encryption standard, commonly uses 2048-bit keys, where the part of the key whose length is given as 2048 bits isn't a random number but is the product of two 1024-bit numbers. – dr jimbob yesterday
24  
Who's your adversary here? If a government/police subpoena your data, Dropbox will unencrypt it for them, but if you encrypted it with your own keys beforehand then they're out of luck. – Robert Fraser 22 hours ago
5  
Huh? Am I missing something here? TrueCrypt encrypts the HD; as soon as data is lifted from it, it is undecrypted. You cannot encrypt your Dropbox contents with TrueCrypt. Unless you mean to say a local copy/mirror of your Dropbox contents? Then edit your question. – Jan Doggen 18 hours ago
10  
@JanDoggen, you can use TrueCrypt to create local, encrypted virtual drives/containers. – Holloway 17 hours ago

It does not matter much how the data are encrypted as long as the owner of the data is not the only one in control of the encryption key. In effect, this means that data encryption and decryption should only be done at the client, and only in a safe environment where only trusted software is running. This is not the case with Dropbox: Dropbox has access to the plain data both from the Dropbox client running on your system and on the server side before encrypting it at rest. Also, Dropbox can decrypt the data whenever they want because they have access to the encryption key. And they will do it for sure and without you noticing when law enforcement requires it.

Whether you consider this safe enough for your own use is your own decision.

2  
This is why they can perform data deduplication. – mythofechelon 10 hours ago
    
@mythofechelon reversible (by them) encryption is also the maximum that can be supported for features that let you use Dropbox as an easy way to share files with people. Having to download and decrypt offline will make it significantly harder to use for less technically inclined people. – Dan Neely 5 hours ago
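
The difference discussed in the answer and comments above, as an added example (not code from any poster and not Dropbox's implementation): a storage service that receives plaintext can deduplicate and read it, while blobs encrypted on the client under owner-held keys give it neither. Assumptions: `Provider`, `client_encrypt` and `client_decrypt` are hypothetical names, the HMAC-SHA256 keystream is a standard-library stand-in for a vetted authenticated cipher such as AES-GCM, and the sample document is constructed.

```python
import hashlib, hmac, os

def subkeys(key):
    # Derive separate encryption and MAC keys from the owner's secret.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode: demo stand-in for a real cipher (assumption).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def client_encrypt(key, plaintext):
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)  # fresh per upload, so equal files give unequal blobs
    ct = xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def client_decrypt(key, blob):
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return xor_stream(enc_key, nonce, ct)

class Provider:
    """Hypothetical storage service that deduplicates by content hash."""
    def __init__(self):
        self.blobs = {}
    def upload(self, data):
        self.blobs.setdefault(hashlib.sha256(data).hexdigest(), data)
    def can_find(self, needle):
        # What the provider, or anyone holding its keys, can search for.
        return any(needle in blob for blob in self.blobs.values())

def demo():
    doc = b"constructed sample: household budget 2015, account 000-EXAMPLE"
    plain, e2e = Provider(), Provider()
    plain.upload(doc); plain.upload(doc)  # two users, provider sees plaintext
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    blob = client_encrypt(alice_key, doc)
    e2e.upload(blob); e2e.upload(client_encrypt(bob_key, doc))
    return {"plain_copies": len(plain.blobs), "plain_readable": plain.can_find(b"budget"),
            "e2e_copies": len(e2e.blobs), "e2e_readable": e2e.can_find(b"budget"),
            "owner_roundtrip": client_decrypt(alice_key, blob) == doc}
```

Calling `demo()` returns the comparison: one deduplicated, searchable copy when the service sees plaintext, and two opaque blobs that only the key holder can open when encryption happens on the client.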

Encrypting your data with TrueCrypt prevents an attacker from easily reading your data if they steal it. It also prevents (as Steffen says) Dropbox from reading your data and it also adds another layer of protection if your account is compromised.

If Dropbox themselves encrypt your data at rest it can still help prevent an attacker from easily reading your stolen data. But Dropbox can still easily read your data, and anybody who gains access to your account will be able to as well.

1  
Event was 5.5 years ago when Dropbox was considered a "start-up". The question is about the current state. – schroeder 7 hours ago
