Following a post earlier this week extolling the virtues of BoxCryptor, I received an email from a reader asking how it compared to TrueCrypt when it came to securing the contents of a Dropbox. This was such a great question that it warranted a follow-up post all its own. For the unfamiliar, TrueCrypt is a great open-source end-to-end encryption tool. It is a software package that does a lot of things and does them very well. Many of its features are beyond the scope of this post. We are going to take a look at the features as they pertain specifically to Dropbox.
TrueCrypt allows users to create an encrypted disk image anywhere on the computer's file system. In this case, users have been choosing to create that image inside the root of the Dropbox folder. This means that the encrypted TrueCrypt image is then synced back to the Dropbox server cloud and all other client systems attached to that Dropbox account. In order to use this encrypted disk image, the user must first mount it on a Mac or Windows PC. Once the image has been mounted, files can be copied to and from the image as though the mounted image were an attached USB thumb drive. The advantage is that any files stored on this mounted image are encrypted by the simple virtue of being saved to the TrueCrypt disk image.
There are several problems with this configuration. The first is that, while the disk image is mounted, the contents of the TrueCrypt file cannot sync back to the Dropbox cloud, so real-time sync is out. The user's workflow must consist of mounting the disk image that is stored in the Dropbox. The user can then copy data to or from the image, or work on files directly off of the disk image, saving their revisions back to the image. When finished, the user then dismounts the virtual disk. At this point Dropbox picks up the change to the TrueCrypt file and then uploads the entire TrueCrypt disk image file to the Dropbox server cloud.
This is the second problem. Dropbox has no way of identifying the files modified within the TrueCrypt disk image. Dropbox sees only a single file, the TrueCrypt disk image file, and identifies that it has been modified. Since it sees that image as a single file, it uploads the entire file into the cloud. Dropbox's ability to sync back only modified files has been eliminated in this situation. This means that, in many cases, there is a tremendous amount of overhead involved in the uploading and downloading of the encrypted disk image, since the entire file is transferred with every single revision of the image's contents. Not the end of the world if your TrueCrypt image is 1-2 MB. But for users storing gigabytes of data in an encrypted format, this becomes an untenable sync situation.
Both of these issues are entirely mitigated with the use of BoxCryptor. BoxCryptor creates an encrypted folder inside of the Dropbox directory; it does not create a virtual disk image. This might get a little confusing since, when the encrypted folder is created, the BoxCryptor application also mounts a virtual hard drive on the Mac desktop as a shortcut to the contents of the encrypted folder. Placing files inside of the virtual disk icon on the desktop is the same as going into the Dropbox directory, opening the BoxCryptor folder, and placing the file in that location.
Lastly, the TrueCrypt solution is ripe for conflict. The contents of the disk image cannot be mounted on a second workstation if they were left open on the last workstation. Forgetting to dismount the image on one computer before opening it on another computer will result in either the corruption of the image or a duplicate copy of the data, with no means to reconcile its changed files with the contents of the duplicate disk image stored in the cached Dropbox on another workstation. Confusing? Yes. Messy? Yes. Likely to happen? I consider it only a matter of time before this situation bites a user in the ass.
Additionally, the TrueCrypt solution leaves users on mobile devices such as smartphones and tablets out in the cold. There is no client app that allows access to the data in this situation. But with BoxCryptor there is a client app that allows easy access to all of the encrypted information while on the go.
It can be a little confusing, but the important takeaway is that BoxCryptor keeps its encrypted files inside a folder inside of Dropbox. Because of this, Dropbox has the ability to sync only the changed files within the BoxCryptor directory. There is no need to send the entire contents of the BoxCryptor directory into the cloud. This means there is a massive savings on bandwidth, upload and download time, and sync overhead, and it also means that Dropbox has the ability to index the BoxCryptor info for changes in spite of the high-level encryption.
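The sync cost difference described above, modelled as an added example (not from the original post and not code from TrueCrypt, BoxCryptor or Dropbox). It assumes, as the post states, that the sync client re-sends any changed file in full; the file names, slot size, key and stand-in cipher are constructed for illustration.

```python
import hashlib

SLOT = 4096  # bytes reserved per file inside the container (constructed value)

def toy_encrypt(key, nonce, data):
    """Stand-in stream cipher (SHA-256 counter keystream); models sync only, not real crypto."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def container_layout(files, key):
    """TrueCrypt-style: every file lives inside one encrypted volume file."""
    volume = b"".join(files[n].ljust(SLOT, b"\0") for n in sorted(files))
    return {"vault.tc": toy_encrypt(key, b"vault", volume)}

def per_file_layout(files, key):
    """BoxCryptor-style: one encrypted file per plaintext file in a folder."""
    return {n + ".enc": toy_encrypt(key, n.encode(), d) for n, d in files.items()}

def bytes_to_upload(before, after):
    """Whole-file sync: any object that is new or whose hash changed is sent in full."""
    h = lambda blob: hashlib.sha256(blob).digest()
    return sum(len(blob) for name, blob in after.items()
               if name not in before or h(before[name]) != h(blob))

def simulate(n_files=20):
    """Edit one file out of n_files and return (container_cost, per_file_cost) in bytes."""
    key = b"constructed-demo-key"
    files = {f"doc{i:02d}.txt": (f"doc{i:02d} ".encode() * SLOT)[:SLOT]
             for i in range(n_files)}
    edited = dict(files)
    edited["doc07.txt"] = b"REVISED " + files["doc07.txt"][8:]  # one small edit
    container = bytes_to_upload(container_layout(files, key),
                                container_layout(edited, key))
    per_file = bytes_to_upload(per_file_layout(files, key),
                               per_file_layout(edited, key))
    return container, per_file

if __name__ == "__main__":
    c, p = simulate()
    print(f"container re-upload: {c} bytes; per-file re-upload: {p} bytes")
```

With 20 files of 4 KB each, the single edit costs the whole volume in the container layout and one file in the per-file layout; the gap grows linearly with the size of the container.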
Put more simply, TrueCrypt is a way of getting the job done. BoxCryptor is a more efficient and user-friendly way of working with secure Dropbox files. Once it's installed and configured, accessing the encrypted data is as seamless as access to the unencrypted data in Dropbox. Find more information on BoxCryptor here.