On Sunday, 18 September 2016 04:52:52 UTC+2, rac...@gmail.com wrote:
> > So for me, EncFS seems the way to go
> 
> I looked into using EncFS with Dropbox, but from what reading I did it seemed 
> that EncFS was (1) old and not well maintained and (2) insecure whenever an 
> attacker can see more than one version of the same file (that is, see the 
> same file before and after a modification). Version 1.8 supposedly fixed some 
> of the issues but this issue about being able to learn about a file's 
> contents when it changes remains (as far as I can tell from reading around). 
> Since Dropbox can always see files before and after modification (that's kind 
> of the point of it), EncFS seems like an insecure choice to use with Dropbox.
> 
> So I'm still looking for a good solution for encrypting a single folder that 
> will be synced.
> 
> Of course, Dropbox itself would be considered a security risk by many who are 
> interested in Qubes. Myself, I'd put up with it if I could localize it to a 
> dedicated AppVM.


Okay I have now installed Qubes OS on my work PC which also supports VT-d :), 
so I had a chance to look into this more deeply.

I see that EncFS is old and maybe not fully secure. Unfortunately there don't 
seem to be good alternatives. Also the vulnerability primarily focuses on 
manipulation, not decryption. Since I only push to Dropbox, but don't fetch 
anything, this is unlikely to be a problem. Also the data I am pushing is not 
that important. It's personal but I am not a dissident or something, so I 
don't "really" have anything to hide. I don't think EncFS is a security hole, 
unless some state-sponsored actor really takes a liking to you... They would 
also need to have access to dropbox in the first place, which isn't easy. I 
actually trust Dropbox enough that I don't believe they will go through the 
trouble of breaking my EncFS encryption ^^. Like... What for? I doubt I am on 
any NSA list yet... Well on the list you get on for googling Snowden and 
downloading Qubes OS, okay, but that's probably a list with millions of entries 
;).

I tried the block-device approach, it doesn't work. Dropbox can sync only the 
"changed" blocks, yes, but for that it needs to scan the entire 200 GB file for 
changed blocks which is a freaking nightmare, power-consumption wise... 

So my current setup is:

1) Dropbox VM: Runs dropbox and keeps a local copy of 200 GB EncFS files (only 
encrypted)
2) Vault VM: No internet connection. Has a plaintext copy of the 200GB EncFS 
files. 

Now I just mount the Vault VM's loopback device with the encrypted EncFS files 
inside the dropbox VM and issue an rsync command to update the dropbox VM's 
local copy. Then dropbox will update the changed files...

Not exactly as smooth as I expected but I guess that's the price you have to 
pay for maximum security ;)
