The Ultimate Guide to Using TrueCrypt For Dropbox

By Claire Broadley | 03 Jun '14 | 2014-01-27T09:00:20+00:00

IMPORTANT NOTE: TrueCrypt has shut down under mysterious circumstances; please visit this link for more information.

 

Dropbox (2 GB for 0 $/year) is arguably the world’s best known cloud storage provider. But it isn’t perfect. In the wake of revelations about the PRISM programme, Dropbox has been criticised for its encryption practices.

TrueCrypt has been cited as the solution for shortcomings in Dropbox’s encryption policy. We wanted to find out whether the software was a realistic, usable way to add an extra layer of security to our cloud storage account.

TrueCrypt is a free, open source application. It is available for Mac, Linux and Windows (up to Windows 7). There is no version for Windows 8. In this article, we’re using the Mac version of TrueCrypt and Dropbox, but the features available in the other versions are broadly similar.

To use this guide, you will need to install the Dropbox application from  and download and install TrueCrypt from http://www.truecrypt.org/downloads. Once you have installed both applications, pause and read through the rest of our guide.

Getting Used to the Terminology

To understand the TrueCrypt interface, you may need a quick primer on the technical terms it uses.

  • A volume is a virtual container where data is stored. Think of it as a kind of storage bucket. Volumes are saved as files on your computer and, when mounted, behave like disk drives. You cannot use TrueCrypt without creating a volume first.
  • TrueCrypt assigns volumes to drive letters. These are referred to as slots.
  • To use the terminology used in TrueCrypt, volumes can be mounted and dismounted. If you use Mac or Linux, you might be familiar with these terms already. Without going into unnecessary detail, a volume must be mounted before it can be used.

When using TrueCrypt, you first create a volume, decide what you want to store in that volume and then save the volume as a file. Because we’re working with Dropbox, we will focus on the storage of Dropbox content in an encrypted TrueCrypt volume.

We’ll then mount the volume and check that it’s working.

Using TrueCrypt to Encrypt a Dropbox Folder

Let’s look at the encryption process with TrueCrypt and Dropbox. For simplicity, we’ll encrypt a single file within the Dropbox folder, but you could use the same procedure to encrypt the entire folder.

1. Create a Volume

Initially, you’ll need to create a volume in TrueCrypt. This is a virtual storage container for your encrypted file(s).

Click the Create Volume button.

The Volume Creation Wizard opens.

2. Create the Container

On the first screen, choose the first option: Create an encrypted file container.

Continue with the Wizard.

3. Select the Volume Type

Select Standard TrueCrypt Volume. For most Dropbox users, this provides an adequate level of security. A non-hidden volume is also easier for us to work with.

4. Choose the Save Location

Now, we have to decide where to save our new volume. There are a few important points to note here.

  • Although this button says Select File, we actually want to create a new file here.
  • If we select an existing file, it will be permanently overwritten.
  • Selecting an existing file does not encrypt it.
  • The file must be located within the Dropbox folder.

In my example, I have created a brand new folder, OnlineBackupReviews, within the Dropbox folder. My TrueCrypt volume will be saved as a new file called TrueCrypt Example.

5. Choose the Encryption Method

In this dialog box, we can change the encryption type and hash algorithm for the volume we are creating.

Let’s look at this dialog in more detail.

About the Encryption Algorithm

The dialog box lists the following options for encryption:

  • AES
  • Serpent
  • Twofish
  • AES-Twofish
  • AES-Twofish-Serpent
  • Serpent-AES
  • Serpent-Twofish-AES
  • Twofish-Serpent

Looking at the list, we can see that there are three encryption algorithms: AES, Serpent and Twofish. TrueCrypt allows any one of these to be used on its own, or in conjunction with others. Note the order of the options, too: AES-Twofish-Serpent is different to Serpent-Twofish-AES.

How important is this encryption method?

Well, AES-256 would reportedly take one billion billion years to crack – far longer than the universe has existed. But some people assert that the USA’s National Security Agency has already done it.

The truth is that nobody knows how safe AES-256 is; all we can do is guess. For best security, you should use a combination of encryption methods.

About the Hash Algorithm

The hash algorithm is used in conjunction with the TrueCrypt random number generator to create pseudorandom strings of letters and numbers for the encryption key. (‘Pseudorandom’ simply means that the string is not truly random, but is ‘as random’ as possible given the limitations of the system.)

Options here are:

  • RIPEMD-160
  • SHA-512
  • Whirlpool

The hash algorithm simply disguises the original pseudorandom string. For most users, the default, RIPEMD-160, is sufficient.

6. Enter a Volume Size

TrueCrypt now asks how big the volume should be. Consider the size of your Dropbox storage account, and the size of the files you want to store, when setting the size of the volume here. Dropbox will always ‘see’ a file of this size, regardless of the contents of the volume.

7. Choose a Password

A weak password will render your encryption completely ineffective, so this is an important part of the setup procedure. There’s no point in securing files with military-grade encryption technology if you protect them with a simple password like password1.

Ideally you should use a password generator to create a random 20-character string; longer if possible. If that’s not plausible, here’s a useful article on password creation that should give you some alternative ideas.
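The following is an added example, not part of the original guide or of TrueCrypt itself. It generates the random 20-character password recommended above and shows what the hash chosen in step 5 also does in TrueCrypt's documented design: PBKDF2 stretches the password and a salt stored in the volume into the header key. The alphabet and function names are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# Assumed alphabet for this example: 94 printable ASCII symbols (no space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SALT_BYTES = 64         # 512-bit salt, stored unencrypted in the volume header
ITERATIONS = 1000       # PBKDF2 count TrueCrypt 7.1a documents for SHA-512
HEADER_KEY_BYTES = 64   # two 256-bit keys, enough for a single cipher in XTS mode


def generate_password(length: int = 20) -> str:
    """Draw every character independently from the operating system CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string. Human-chosen passwords score far lower."""
    return length * math.log2(alphabet_size)


def derive_header_key(password: str, salt: bytes, hash_name: str = "sha512") -> bytes:
    """Stretch password + salt into key material with PBKDF2-HMAC."""
    return hashlib.pbkdf2_hmac(
        hash_name, password.encode("ascii"), salt, ITERATIONS, dklen=HEADER_KEY_BYTES
    )


if __name__ == "__main__":
    password = generate_password()
    salt = secrets.token_bytes(SALT_BYTES)
    key = derive_header_key(password, salt)
    print(f"password: {password}")
    print(f"entropy : {entropy_bits(len(password)):.0f} bits")
    print(f"key     : {key.hex()[:32]}... ({len(key)} bytes)")
```

Because the salt sits in the volume file that Dropbox stores, the password (plus any keyfile) is the only secret input to the derivation, which is why its randomness matters more than the choice of hash.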

TrueCrypt also allows the use of a keyfile. This is a very clever function that allows you to use any file to generate your password; without this file, the user cannot gain access. You might choose an mp3 of your favourite song, a JPG photo of your kids or a file full of random characters (generated by TrueCrypt or by another application).

If you choose this keyfile method, make sure you never modify the keyfile in any way. Cropping the keyfile JPG, or changing the tags in the mp3, will render your TrueCrypt volume unusable.
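One way to catch an accidentally modified keyfile before it locks you out, as an added example that is not part of the original guide: record a fingerprint of the keyfile when the volume is created and check it before every mount. The file names and the fake mp3 contents are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Size and SHA-256 of the keyfile exactly as it sits on disk."""
    data = path.read_bytes()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def record(keyfile: Path, manifest: Path) -> None:
    """Save the fingerprint once, right after the volume is created."""
    manifest.write_text(json.dumps(fingerprint(keyfile)))


def verify(keyfile: Path, manifest: Path) -> tuple:
    """Compare the keyfile with the recorded fingerprint before mounting."""
    expected = json.loads(manifest.read_text())
    actual = fingerprint(keyfile)
    if actual == expected:
        return True, "keyfile unchanged"
    if actual["size"] != expected["size"]:
        return False, "size changed"
    return False, "same size, contents changed"


def demo() -> list:
    """Constructed stand-in for an mp3 keyfile: a fake tag followed by filler bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        keyfile = Path(tmp) / "song.mp3"
        manifest = Path(tmp) / "song.mp3.fingerprint.json"
        keyfile.write_bytes(b"TITLE=Old Name\x00" + bytes(range(256)) * 16)
        record(keyfile, manifest)
        results = [verify(keyfile, manifest)]
        # Retagging in a media player: same length, one word different.
        keyfile.write_bytes(keyfile.read_bytes().replace(b"Old Name", b"New Name"))
        results.append(verify(keyfile, manifest))
        # Cropping or re-exporting: the file gets shorter.
        keyfile.write_bytes(keyfile.read_bytes()[:-100])
        results.append(verify(keyfile, manifest))
        return results


if __name__ == "__main__":
    for ok, reason in demo():
        print("OK  " if ok else "STOP", reason)
```

Keep the fingerprint file with the keyfile and outside the Dropbox folder, since a hash stored next to the volume would let anyone with access to the account confirm which of your files is the keyfile.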

8. Choose the Format Options

Don’t worry: TrueCrypt is not going to format your hard drive. The Format Options simply allow you to choose the most suitable file system for your new volume. Remember: it’s effectively a self-contained virtual disk.

In most cases, you will want to create a FAT volume on Windows and a Mac OS Extended volume on a Mac. Advanced users may use the opposite, or choose None.

9. Select Cross-Platform Support

Most users almost certainly use Dropbox with different operating systems and devices, now or in the future. We highly recommend choosing the first option here to avoid any incompatibility issues.

10. Create Random Data and Format

TrueCrypt now generates a random pool of data by recording a string of characters based on the movement of your mouse. Move your mouse pointer in a random pattern to generate the string. When you are satisfied, click Format.

Using Your New Volume

Now that your volume has been created, Dropbox will begin to upload it. You must mount it within TrueCrypt to add and remove files.

First, locate the volume by clicking the Select File button and navigating to the file containing the volume. Then, click Mount.

TrueCrypt will prompt you for the password. Cache the password in memory to make it easier to work with the file.

Once the file has been mounted, it is shown in Slot 1. If I double click this line, I can open my volume and drag files in and out as though it were a regular disk.

Remember: to Dropbox, the file is always going to be roughly the same size as the volume size we set in step 6, above – even if it’s empty.

From the TrueCrypt menu, I can also:

  • Check Volume Properties to remind myself of the options I chose when creating the volume.
  • Wipe the cache (which removes passwords from RAM).
  • Back up, restore or reconfigure the selected volume using Volume Tools.
  • Dismount the selected volume, or select Dismount All to clear the list.

TrueCrypt Pros and Cons

TrueCrypt is clearly a very capable application, but it does introduce some challenges for the average Dropbox user.

  • If you’re dead set on using Dropbox as your cloud storage provider, TrueCrypt will provide the additional layer of encryption needed to keep your files safe from prying eyes.
  • It’s free, so there’s nothing to lose.
  • Once the file is encrypted, you will lose some of the best Dropbox features: file versioning, sharing and so on.
  • If you’re not technically minded, TrueCrypt’s user interface might be confusing.
  • It’s still a workaround to Dropbox’s shortcomings, and it’s not a perfect workaround either.

There are other cloud storage services that offer better encryption than Dropbox right off the shelf:

  • SpiderOak is a cloud storage service that offers sync and backup (therefore giving you more flexibility than Dropbox). It is gaining traction because of its commitment to robust cloud security. SpiderOak offers similar features to Dropbox and you won’t lose them when your data is encrypted. Read more in my SpiderOak vs Dropbox article.
  • Mega is the cloud storage service founded by Kim Dotcom, one of the most high profile figures in the industry. Mega was arguably the first service that placed encryption centre stage in discussions about the cloud. It may not be perfect, but it’s easier to use than TrueCrypt.

My Conclusion

I am impressed with the power of TrueCrypt, and if you’ve paid for a Dropbox account already, it’s certainly worth using. It initially looks a little baffling, but the Wizard takes most of the pain out of creating volumes.

Likewise, if you’ve committed to using Dropbox in the office, it’s easier to add TrueCrypt to the mix rather than trying to force a culture change and switch to an entirely new cloud storage provider. Admittedly, it depends how you use Dropbox.

The biggest issue is the loss of Dropbox features. The fact that you lose things like versioning makes TrueCrypt a definite compromise, and if you’re truly concerned about cloud security, there are better ways to achieve the same result.

I still prefer SpiderOak as a secure solution; users get the same benefits of Dropbox in terms of features, but with the added security of TrueCrypt. SpiderOak certainly knows its stuff when it comes to encryption and best practice.

It comes down to a balance between security and convenience, like most online services. TrueCrypt makes a poorly encrypted service much more secure, so we’d recommend it for any hardcore Dropbox user.

8 thoughts on “The Ultimate Guide to Using TrueCrypt For Dropbox”

  1. This doesn’t really explain how to send items to your secured drop box. Can I put my drop box inside the truecrypt container? Putting the container inside dropbox, it is treated as a file and not an open folder.

    I want to upload files from my iphone, using dropbox, directly to the encrypted container on my home computer.

    1. You can’t put your dropbox inside truecrypt container.
      The truecrypt container inside dropbox IS treated as a file.

      The whole point of the article is to shield the dropbox users from any possible surveillance from dropbox’s side. If you upload files from your phone, through dropbox, to… HOLD RIGHT THERE! Dropbox has clear access to your unencrypted files!

      In your case, you should have the truecrypt container in the dropbox folders of both the devices. You open the container in one device, modify files inside it, save it, and then the changes to that encrypted truecrypt container file are sent to the other device through dropbox which cannot read the contents of that encrypted truecrypt file!

  2. Hi there,
    I use Dropbox in my PC (Windows 7, 64 bits).
    I have a question for you guys…
    If I install TrueCrypt and set it to encrypt all my system (pre-boot password), will my Dropbox files suffer any change?
    Please note that I use Dropbox under the same username in different PCs.
    Thanks a lot.
    Best regards.
    Charlie.

  3. Hi Charlie,
    This will not affect your dropbox data as you encrypt whole drive, and when using it it is already decrypted so access to your data (from dropbox point of view) is normal decrypted files. Take encrypted files like compressed data (let’s say ZIP file) – when you work with them (in RAM) they are already decompressed.
    Bobby

  4. Maybe I do not understand something but I had difficulties with Dropbox+TrueCrypt. If I store my TrueCrypt volume in a Dropbox folder – I can open (mount) it from my home PC. But I cannot mount it from any other PC although I provide the right password (and a keyfile – I use a keyfile). Is that the right behaviour? Isn’t there some other parameter that is stored on my PC that prevents me from decrypting volumes on another PC? I mean, if I cannot open my TC volumes on other PCs, why use Dropbox at all?

  5. Xeno: That is the same TrueCrypt file, so provided that you really input the right password, everything should work ok on the different computer. It seems, that is not the case though. I can open the same file elsewhere so you must have a bit more unique problem.

    Charlie & Bobby: If you encrypt your whole drive, it is true as Bobby said, that it won’t affect the dropbox performance. But you also lose the whole benefit of encrypting the files in the first place. The files are transferred to dropbox server unencrypted (never mind dropbox server’s own encryption), so those files could be accessed by third party in the worst case scenario, if dropbox servers would get under an attack by outsider. Also this wouldn’t prevent government officials accessing those files through legal channels.

    My suggestion:
    1) Encrypt your whole drive (that way you prevent anyone from accessing the files which aren’t on dropbox).
    2) Make a TrueCrypt container on dropbox, where you store those personal files which are most valuable to you.
    3) Use non-encrypted dropbox space to store everyday files which are not so important but need to be accessed from everywhere (hence you are able to benefit from all the upsides of dropbox service)

    Cheers!

  6. The solution would work fine for a PC with a good data connection however if you have a 512mb truecrypt volume every change you make the entire 512mb would need to be uploaded again, this makes it impracticable to use a volume of that size on a mobile device. You can change the volume size to be smaller say 10mb but every time you make a change 10mb of your mobile data plan will be used if out on the road and not connected to WiFi.

    Better to just use Mega if you have a mobile device and care about safe cloud storage or use mycloud and build your own.

  7. This may sound simple but: I am less worried about cloud encryption than I am about prying eyes on my local device (a desktop computer or a laptop used while travelling). Windows is not helpful in passwording folders, and when I travel, I want to protect the folders in my office (ie keep them safe from prying eyes). I love the Dropbox feature of synchronizing several computers at once.
    1. Will using Dropbox allow for syncing between ALL desktops using dropbox+truecrypt when I change a file on one desktop? eg if I work from home, will the files be syncd at my office if truecrypt is not mounted at the office?
    2. Will truecrypt work on Windows 8 64 bit?
    3. If my home computer is secure, can I use it without truecrypt and only put truecrypt on my other, “unsecure” computers? If so, will it sync?
    4. Can I download a “good” version of truecrypt (before it was no longer supported) from Steve Gibson’s site?
    Thanks for taking the time to answer.
