Encrypt all the things - How to store your data safely ANYWHERE.

Goals for this list:

  1. Tools to be open source.
  2. Rate the ease of use of each.
  3. Define the encryption standards.
  4. Explain the pros and cons of each.

1. Cryptomator

-> Ease of use: 4.5/5

So clean and easy
  • Good encryption and brute force protection
  • Easy to use with nearly any cloud provider (built-in integrations with several)
  • Cross-platform (iOS, Android, Linux, Windows, Mac)
  • Very well recognized and active development
  • Encrypts file-by-file, not within a container (compare this with VeraCrypt)
  • Slow transfer speeds (max ~15–150 MiB/s depending on platform; Windows is best, Linux/Mac the worst)
  • Mobile Apps not open source
  • Managing across devices can be complicated.

Use it:

2. VeraCrypt

-> Ease of use: 3.5/5

Daunting but easy once you do it once.
  • The ability to create a virtual encrypted disk inside of a file and then mount the virtual encrypted disk as if it were a real disk
  • Encrypt a whole partition or a storage device, like a flash drive or a hard drive
  • The ability to encrypt a partition or a drive (Windows) making it possible for data to be read and written with the same speed as if the drive were not encrypted
  • Gives plausible deniability if you are forced to reveal your password: hidden volumes and hidden operating systems provide additional protection.

Use case in the Cloud

So many options
  • Single large container, regardless of files.
  • Not cloud friendly.
  • Not straightforward for most users, and files are not accessible on mobile.

Use it:

  • Download VeraCrypt here. Desktop only, no mobile apps.
  • “Create a Volume”
  • Hidden or Standard?
  • Volume location (make a folder)
  • Select your encryption and your hashing algorithm (AES 128 is uncrackable (feasibly for now) or AES 256 if you’re extra paranoid)
  • Define your volume size (It will be this size regardless of files)
  • Define your passphrase (Remember, the longer the better)
  • Pick your filesystem (exFAT is good across all platforms)
  • SHAKE YOUR MOUSE AND MAKE SOME RANDOMNESS
  • Mount and you’re done :)

3. RClone

-> Ease of use: 3/5

4. GoCryptFS

-> Ease of use: 2/5

$ mkdir cipher plain
$ gocryptfs -init cipher
[...]
$ gocryptfs cipher plain
[...]

5. CryFS

-> Ease of use: 2/5

Diagram of how data is stored — Cryfs website

Honorable mentions:

  • encfs (In maintenance mode)
  • securefs (No updates in months so unsure)
  • 7Zip (Windows only but containers can be compressed and encrypted)
  • eCryptfs (Linux only, but very well known and secure)
  • Keka (MacOS only but containers can be compressed and encrypted)

Notes/Additions:

  1. After creating the GoCrypt container he moves the config file (the encrypted key for the files) to a VeraCrypt container that uses a different password.
  2. When accessing/decrypting/mounting the GoCrypt folder, he first decrypts the VeraCrypt container and then uses the command below to point GoCrypt to the new location of the config file:
gocryptfs -config /veracrypt/folder/with/gocryptfs.conf /gocrypt/encrypted-folder/ /mount-point/folder/decrypted
  • umount the cleartext folder (the GoCryptFS folder).
  • Close VeraCrypt container.
  • Layering is always good. Using 2 different services reduces the risk if one is compromised.
  • It keeps the VeraCrypt container small. Making it easy to sync with cloud storage.
  • More complicated — this method would be for advanced users who are more comfortable with the command line approach.
  • Multiple passwords — lose one password and there is no recovery. This is good/bad, as that is also the point of this article.
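
The layered procedure from these notes as a small wrapper script. This is an added example, not code from the original article or from either project. The container path and the other paths are placeholders, and it assumes the Linux command-line builds of VeraCrypt and gocryptfs:

```shell
#!/bin/sh
# Added example: layered mount/unmount for the setup in the notes above.
# Paths are placeholders (assumptions); override them via the environment.
VC_CONTAINER="${VC_CONTAINER:-$HOME/cloud/keys.hc}"   # small VeraCrypt container
VC_MOUNT="${VC_MOUNT:-/veracrypt/folder/with}"        # where the container is mounted
CIPHER_DIR="${CIPHER_DIR:-/gocrypt/encrypted-folder}" # synced ciphertext
PLAIN_DIR="${PLAIN_DIR:-/mount-point/folder/decrypted}"

# preflight VC_MOUNT CIPHER_DIR
# 0 = layout is as intended; 1 = config missing from the VeraCrypt mount;
# 2 = a gocryptfs.conf is still inside the ciphertext folder, so the
#     second layer protects nothing; 3 = ciphertext folder missing.
preflight() {
    if [ ! -f "$1/gocryptfs.conf" ]; then
        echo "no gocryptfs.conf in $1 (container mounted?)" >&2; return 1
    fi
    if [ -e "$2/gocryptfs.conf" ]; then
        echo "stray gocryptfs.conf in $2: move or delete it" >&2; return 2
    fi
    [ -d "$2" ] || { echo "ciphertext folder $2 not found" >&2; return 3; }
    return 0
}

layered_mount() {
    # VeraCrypt prompts for the container password in text mode.
    veracrypt --text "$VC_CONTAINER" "$VC_MOUNT" || return 1
    if preflight "$VC_MOUNT" "$CIPHER_DIR" &&
       gocryptfs -config "$VC_MOUNT/gocryptfs.conf" "$CIPHER_DIR" "$PLAIN_DIR"
    then
        return 0
    fi
    # Do not leave the key container open after a failed mount.
    veracrypt --text --dismount "$VC_MOUNT"
    return 1
}

layered_unmount() {
    # Same order as the notes: cleartext view first, then the container.
    fusermount -u "$PLAIN_DIR" || return 1   # Linux; use umount on macOS
    veracrypt --text --dismount "$VC_MOUNT"
}

case "${1:-}" in
    mount)  layered_mount ;;
    umount) layered_unmount ;;
esac
```

Run it with `mount` or `umount` as the only argument; without an argument it only defines the functions.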

David

General geek, Engineer. Productivity, Python, and anything I can break or build, why not?.
