One possible issue with Dropbox is that the encryption keys are in the hands of Dropbox and whoever else Dropbox gives them to.
Using Dropbox with Truecrypt I’m able to keep encryption keys on memory sticks. Using personal keys along with the TrueCrypt password provides an extra layer of security to Dropbox. This involves some extra steps, that can be tedious, but it will protect data while stored in the cloud. This solution allows synchronization between Windows, Macintosh, and Linux.
Randomware and the daily moe have stories on this with some good followup discussion. Below is a summary of important things to understand when using TrueCrypt with Dropbox. These issues don’t bother me, but they won’t be OK for everyone.
- This solution requires that the TrueCrypt container is mounted first.
- If the container is automatically mounted at bootup and demounted at log-off, there won’t be time for Dropbox to synchronize the container. This might be solved by selecting “Preserve modification time of file containers” in Truecrypt, but I haven’t tried it out yet.
- The TrueCrypt container can only be opened by one computer at a time. That means this won’t be a good solution for collaboration, most probably. This also means that the container must be closed when you are finished. If left open, it you won’t be allowed to access the container from another computer.
- Large containers, such as 10 gig, might take up to 5 minutes for synchronization to complete.
I’ve used TrueCrypt for several years and had no problems with it. The fact that Dropbox and TrueCrypt both work for Windows, Macintosh, and Linux make this a highly portable solution.