While the likelihood of this actually happening to you is probably very low, recent headlines about hack attacks against Sony, Gmail and even LastPass prove that you can never be too safe. With that in mind, I thought I’d share with you a tip for making your Dropbox data more secure. In particular, it prevents an unscrupulous employee at Dropbox from accessing your most sensitive data by encrypting it.

TrueCrypt + Dropbox = Super Security

I am 100% comfortable putting this text document in my public folder. Why? Because it’s in an encrypted volume that I created with TrueCrypt. Go ahead and download it, if you’d like—you won’t be able to get to that text document without my password and keyfiles. You can try cracking it, if you’d like, but it’s encrypted with AES and a RIPEMD-160 hash. Meanwhile, I can still access that file just as easily as I can my other Dropbox files. Groovy, huh? Here’s how I did it:

Stage 1 – Create the TrueCrypt Volume
Stage 2 – Mount the TrueCrypt Volume

Creating a TrueCrypt Volume

Step 1

Download and install TrueCrypt for free. The instructions here are pretty straightforward.

Note: There are two ways to install TrueCrypt. For Dropbox users, I would recommend the Extract method. This creates a portable version of the app that you can put on a USB drive or even in your Dropbox folder. This saves you from downloading and installing TrueCrypt if you are using someone else’s computer. For your main computer, feel free to do the default install.

Step 2

Run TrueCrypt.exe and Click Create Volume.

Step 3

Select Create an encrypted file container. There are some more advanced options here, but we’ll cover those later. Click Next.

Step 4

Select Standard TrueCrypt volume and Click Next.

Step 5

Click Select File…

…and then browse to your Dropbox folder. Create a filename for your volume. It can be anything you want—the extension doesn’t matter.

It doesn’t even need an extension, in fact. Originally, I thought it would be clever to disguise it as another file type, such as “mysummervacay.jpg” but it turns out that this can cause false positives from your virus scanner. To stick with convention, go with .tc or skip the extension altogether.

Step 6

Feel free to change the encryption options. There are some useful links here to help you understand your different choices, but I imagine they are all sufficiently secure. I stuck with the defaults.

Step 7

Choose a volume size. You’ll want to choose this realistically based on how much Dropbox space you want to devote to your encrypted volume. If you’re like me and only use your encrypted volume for a couple of text files and perhaps a PDF, 10 MB is more than enough. If you want to encrypt your whole dang Dropbox folder, feel free to do 2 GB.

The one thing that you should note before moving on is that you can create a dynamic volume. That is, it “expands” as you add files to it, so that if it’s a 2 GB file container but it only has 5 MB of data in it, it’ll only take up 5 MB of Dropbox space. That’s nice, but it’ll run a bit slower. It’s up to you.

Step 8

Set up a password. Choose a very strong password that you can remember. Otherwise, all this encryption will be for nothing.

For more security, choose a keyfile. This can be any file on your Dropbox, on your local hard drive, or on a USB drive. It’ll work just like a key would—without this file, you can’t access the volume. So, make sure you don’t delete it! This is more secure than a password—especially if you choose multiple keyfiles.

Step 9

On the next screen, TrueCrypt will ask you to wiggle your mouse around to generate randomness for the encryption keys. It’s kind of fun. When you’re satisfied, Click Format. And you’re done!

Your volume is a completely standalone file. You can drag it and drop it, copy it and paste it or move it to anywhere you’d like. To read and write to the volume, you just have to mount it using TrueCrypt.

Mounting TrueCrypt Volumes from your Dropbox

Step 1

Launch TrueCrypt and Click Select File… Then, Browse to the volume you just created and open it.

Step 2

Select a drive letter and then Click Mount.

Step 3

Enter your password and, if you chose a keyfile, browse for it by checking Use keyfiles and Clicking Keyfiles.

Step 4

Your volume will now be mounted as a local volume under Computer in Windows Explorer.

Step 5

Add files to it just like you’d save files to a USB drive. They’ll be saved in the encrypted volume, where they’ll be ready and waiting for you next time you mount the volume.

Step 6

One last thing: in order for Dropbox to sync your volume, you have to unmount it. To do so, launch TrueCrypt, select the drive and Click Dismount.

Conclusion

Dropbox is already fairly secure. But for that extra bit of protection, it’s not a bad idea to keep your most sensitive documents in an encrypted volume. You’ll still be able to access your files, as long as you have a copy of TrueCrypt handy (which can be saved as a portable version on your Dropbox account) and can remember your password. You won’t be able to access items in an encrypted volume from the web or a smartphone, either. I recommend using TrueCrypt for infrequently accessed files, such as financial documents, old tax returns, and other sensitive material that you might have if you’ve transitioned to a digital filing system.

Nonetheless, this certainly is a good security option. Thanks.

I just think a lot of people, including myself, don’t want to put anything in the cloud that is highly “sensitive.” Even if it is encrypted. I’ve been able to upload password-protected files of which I’ve lost/forgotten the password and had them cracked in seconds... so I’m not sure how protected anything can actually ever be unless you have it on an external storage device, encrypted, and hidden ;)

I think the cloud is great and this article certainly adds a layer of security, but would you trust it for something highly sensitive you’re putting in the cloud or would you keep it out of the cloud?

Like you state, once in the email it may well be forever in an archive and probably not just yours. While I do a lot of purchasing online, I’m careful to ensure that certain info never goes over the web. Sure, a credit card might get scammed (best to use a temp number cc) but I’m pretty well protected there and that’s easy to find out, but letting your ss & account numbers out... that can cause some real damage.

I first made my volume 1 GB, but I can see why a smaller volume size is better, since DB sync is taking ages to complete. Many thanks!

Thanks in advance!

I see most encrypters like boxcrypt etc. encrypt on file level, so only the file is reloaded; obviously the name, type etc. is also encoded. Wish there was a way to get TrueCrypt to work like this…

When you create your new TrueCrypt container file, all of it has to be uploaded to the Dropbox servers. Thereafter, only the changed parts have to be transferred. This works well with TrueCrypt because TrueCrypt uses a block cipher. When data is changed in a TrueCrypt container file, it only affects the blocks containing the data and not the rest of the file. One fly in the ointment, as Jack said, is that you have to unmount your TrueCrypt volume before Dropbox will transfer the changes, even though TrueCrypt makes changes to the file as you work. TrueCrypt must be denying read access on open container files, which is why the transfer can’t happen until you unmount the volume. A consequence of this is that if you just rely on the automatic unmount when you log off your PC, your changes won’t be synced with other devices until you log back into your PC again, at which point they’ll at last be uploaded to Dropbox. Also not sure why you say anyone that can find your Dropbox folder has access to your webspace with no password required. Anything they put in the folder will be uploaded to the Dropbox servers, but they won’t be able to explicitly download anything from Dropbox, and to log in to the website as you, they’ll need your Dropbox password. However, if you think someone can access your computer and get to all the unencrypted files in your Dropbox folder, they probably have all they want already.
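The sync behaviour discussed in the comments above, as an added Python sketch that is not from the original post or its commenters: it compares which sync chunks change after a small edit in a container encrypted sector by sector against a file re-encrypted whole on every save. The SHAKE-256 keystream is a stand-in for TrueCrypt's cipher (it models only which bytes change, not the real cipher's security), and the sector size, chunk size and function names are assumptions.

```python
import hashlib
import os

SECTOR = 4096          # sector size for this sketch (assumption)
CHUNK = 1024 * 1024    # chunk size the sync client hashes (assumption)

def _xor(a, b):
    """XOR two equal-length byte strings."""
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")

def encrypt_container(key, plain):
    """Encrypt each sector independently, tweaked by its sector number."""
    out = bytearray()
    for off in range(0, len(plain), SECTOR):
        tweak = (off // SECTOR).to_bytes(8, "little")
        block = plain[off:off + SECTOR]
        # Stand-in keystream; a real container uses a tweakable block cipher.
        out += _xor(block, hashlib.shake_256(key + tweak).digest(len(block)))
    return bytes(out)

def encrypt_archive(key, plain):
    """Re-encrypt the whole file under a fresh random nonce on every save."""
    nonce = os.urandom(16)
    return nonce + _xor(plain, hashlib.shake_256(key + nonce).digest(len(plain)))

def changed_chunks(old, new):
    """Indices of sync chunks whose hashes differ between two versions."""
    count = (max(len(old), len(new)) + CHUNK - 1) // CHUNK
    return [i for i in range(count)
            if hashlib.sha256(old[i * CHUNK:(i + 1) * CHUNK]).digest()
            != hashlib.sha256(new[i * CHUNK:(i + 1) * CHUNK]).digest()]

def demo(size=8 * CHUNK, edit_at=5 * CHUNK + 100):
    """Edit 20 bytes of constructed sample data and compare both schemes."""
    key = os.urandom(32)
    before = bytearray(os.urandom(size))   # constructed sample volume contents
    after = bytearray(before)
    for i in range(edit_at, edit_at + 20):
        after[i] ^= 0xFF                   # guaranteed change to 20 bytes
    before, after = bytes(before), bytes(after)
    container = changed_chunks(encrypt_container(key, before),
                               encrypt_container(key, after))
    archive = changed_chunks(encrypt_archive(key, before),
                             encrypt_archive(key, after))
    return container, archive

if __name__ == "__main__":
    container, archive = demo()
    print("container chunks to re-upload:", container)
    print("re-encrypted archive chunks to re-upload:", len(archive))
```

Only the chunk holding the edited sector differs in the container, which is why the initial upload is the slow one and a smaller volume keeps that first sync short.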
