Re: Dropbox, passwords, and security concerns
? :)

On 10/2/2012 3:17 PM, Raul A. Gallegos wrote:
> H
>
> ---
> Raul A. Gallegos
> Facebook, Twitter, and Zello username: rau47
> Homepage: http://RaulGallegos.com
>
> On Oct 2, 2012, at 0:55, Len Burns wrote:
>
>> Raul,
>>
>> I use TrueCrypt as well, for many purposes. I am considering a strategy
>> such as you describe below so I have access to info on my iPhone. The
>> utility that comes up when I search the app store for TrueCrypt is a
>> utility called Disk Decipher. Is that what you are using on the iPhone?
>> If so, how accessible is it? Thanks much.
>>
>> Regards,
>> -Len
>>
>> On 9/12/2012 8:43 AM, Raul A. Gallegos wrote:
>>> Hi all, the recent thread on the tech doctor podcast concerning
>>> 1Password has prompted me to write the following.
>>>
>>> First off, I don't use 1Password, so my comments might be off a bit. I
>>> use LastPass and MyKeePass. I won't get into the details of those
>>> password managers, but suffice it to say that I feel they are just as
>>> good as 1Password. I simply tried those first and see no need to switch
>>> to 1Password. So now onto the real reason why I'm writing.
>>>
>>> It's more about security and what you put on Dropbox and what is safe
>>> and what isn't.
>>>
>>> Many people feel it's ok to put whatever on Dropbox while others only
>>> put non-secure stuff, and still others are somewhere in between.
>>>
>>> What I do in regards to Dropbox is put files in it which I don't
>>> particularly care if the Dropbox staff somehow gains access to them. I
>>> know for a fact that Dropbox stores files on there even if you delete
>>> them. How do I know this? I once erased a folder of 5 good byeello Len and
>>> others. This app is a bit weird with the ui at times but is otherwise
>>> accessible. It was 1 us dollar when I purchased it. of audio and
>>> later needed it for a friend, and so I copied it back over. It had been
>>> about 3 months since I had deleted them from Dropbox, yet when I copied
>>> them over again, it didn't take hours to upload and update, it only took
>>> a few minutes? Why is that? Because Dropbox already had a copy of those
>>> files. I also know that if you have a file which is an exact copy of
>>> someone else's file even if you are not sharing folders with that
>>> person, Dropbox uses the same copy. This allows them to save on disc
>>> space over all in the big picture. For example, if I download the iTunes
>>> setup file for Windows and put it in my installs folder of Dropbox which
>>> I only share with 5 people, and if 100 other people across the world
>>> also have this same file in their own private or public space of
>>> Dropbox, then Dropbox uses that one copy rather than multiple copies.
>>> Some might feel this is a breach of security. I personally feel it's
>>> Dropbox using disc space wisely.
>>>
>>> The one thing I don't do is put a text file of credit card or social
>>> security numbers in Dropbox just for the convenience of having access to
>>> those from my iPhone. Call me paranoid, but that's the way it is.
>>> Instead, what I do is use Truecrypt. Truecrypt is a program which allows
>>> you to create a file container of any size and put stuff in it. Think of
>>> it like a virtual usb stick. So, I have a 10 Mb Truecrypt container
>>> called KeepOut.tc. Yes, only 10 megs in size. I have this file in my
>>> dropbox folder and when I want to review personal text files from any of
>>> my computers, I simply mount this small 10 meg file and it becomes its
>>> own drive. Like drive x maybe. I can then open files, copy files, add
>>> files, do whatever I want in my little 10 meg virtual usb stick. When
>>> I'm done, I unmount it, that's like using safely remove hardware. The
>>> file is updated on Dropbox and closed up and secure again.
>>>
>>> There is an iphone app which will open Truecrypt files and so if I want
>>> access to this data from my iphone, then I simply do the same process
>>> from there.
>>>
>>> Some would say this is too much work for security, but it's worth it to
>>> me to take the extra seconds to open the Truecrypt file, look at it, and
>>> then close it when I'm done.
>>>
>>> I do a similar thing with all the documents in my documents folder of my
>>> netbook and my pc where I back them up onto a Truecrypt volume and that
>>> volume lives in Dropbox. So, it's like my own backup solution. I've
>>> written batch files to automatically open the virtual file, copy the
>>> changed files from my documents, and then close it. So, in the end it
>>> doesn't take much time at all. I'm not the only one who does this
>>> because there are various people who have blogged about it and who have
>>> shared similar doings in terms of Dropbox, backups, and security.
>>>
>>> Lastly, I mentioned KeePass as a password manager. This program is
>>> available in many different platforms, iOS and Windows for example, and
>>> can share the same database. So if I want to get access to a username
>>> and password for something, I can
Re: Dropbox, passwords, and security concerns
Hello Grant, you bring up good points and what you say about 1Password makes sense. As I stated in my original message my way of doing this is just what works for me. I haven't tried 1Password, but not for any specific reason other than I use LastPass and am perfectly happy with it.

Cheers.

---
Raul A. Gallegos
Facebook, Twitter, and Zello username: rau47
Homepage: http://RaulGallegos.com

On Oct 2, 2012, at 1:59, Grant Hardy wrote:

> Raul and List,
>
> I'd like to add a couple of points to this discussion. Firstly, it's
> important to understand that 1Password encrypts your data similarly to
> other apps such as TrueCrypt. Even if a thief got their hands on your
> 1Password vault, it could take years to attack your password (assuming
> you're using a strong password to protect your 1Password data). It is
> not as though passwords are stored in any way that could permit
> Dropbox employees or hackers to read the data. Of course Dropbox
> suffers from security breaches, but the 1Password vault shouldn't be a
> strong target because again, it's encrypted. Note: this is very
> similar to how apps such as LastPass store your data in the cloud. I
> don't think 1Password should be any less secure than LastPass or
> RoboForm; on the contrary, I'd argue that it's more secure. You
> control the encryption of your 1Password data at your end. With those
> other services, you're leaving the control up to them. (And yes, I
> would trust them. But if you're really really concerned about
> security, then you should consider this.)
>
> Secondly, if you're going to rely on a password manager, at least in
> my view, you have to have a backup in the cloud. If your equipment
> gets lost or stolen, then you'll have a very difficult, if not
> impossible, time gaining access to all your accounts again without
> some kind of backup that you can easily access.
>
> Thirdly, it is not as though Dropbox saves your data forever. They
> store deleted files and previous versions of files for 30 days, and
> then they're gone. If you pay for Packrat Unlimited, an add-on
> available to Dropbox Pro users, then unlimited versions and deleted
> file history is stored. But in either case, if you really wanted you
> could login to the Dropbox web interface and instruct that Dropbox
> should permanently delete specific files or folders.
>
> Of course, I'm sure Dropbox keeps backups of user data that would
> remain a little while after that, but this is pretty normal. Just
> about every online service does this. And again, I wouldn't worry too
> much about 1Password being a target, unless a backdoor is found in the
> way they encrypt and store your data.
>
> Grant

--
You received this message because you are subscribed to the "VIPhone" Google Group.
To search the VIPhone public archive, visit http://www.mail-archive.com/viphone@googlegroups.com/.
To post to this group, send email to viphone@googlegroups.com.
To unsubscribe from this group, send email to viphone+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/viphone?hl=en.
Re: Dropbox, passwords, and security concerns
H

---
Raul A. Gallegos
Facebook, Twitter, and Zello username: rau47
Homepage: http://RaulGallegos.com

On Oct 2, 2012, at 0:55, Len Burns wrote:

> Raul,
>
> I use TrueCrypt as well, for many purposes. I am considering a strategy
> such as you describe below so I have access to info on my iPhone. The
> utility that comes up when I search the app store for TrueCrypt is a
> utility called Disk Decipher. Is that what you are using on the iPhone?
> If so, how accessible is it? Thanks much.
>
> Regards,
> -Len
>
> On 9/12/2012 8:43 AM, Raul A. Gallegos wrote:
>> Hi all, the recent thread on the tech doctor podcast concerning
>> 1Password has prompted me to write the following.
>>
>> First off, I don't use 1Password, so my comments might be off a bit. I
>> use LastPass and MyKeePass. I won't get into the details of those
>> password managers, but suffice it to say that I feel they are just as
>> good as 1Password. I simply tried those first and see no need to switch
>> to 1Password. So now onto the real reason why I'm writing.
>>
>> It's more about security and what you put on Dropbox and what is safe
>> and what isn't.
>>
>> Many people feel it's ok to put whatever on Dropbox while others only
>> put non-secure stuff, and still others are somewhere in between.
>>
>> What I do in regards to Dropbox is put files in it which I don't
>> particularly care if the Dropbox staff somehow gains access to them. I
>> know for a fact that Dropbox stores files on there even if you delete
>> them. How do I know this? I once erased a folder of 5 good byeello Len and
>> others. This app is a bit weird with the ui at times but is otherwise
>> accessible. It was 1 us dollar when I purchased it. of audio and
>> later needed it for a friend, and so I copied it back over. It had been
>> about 3 months since I had deleted them from Dropbox, yet when I copied
>> them over again, it didn't take hours to upload and update, it only took
>> a few minutes? Why is that? Because Dropbox already had a copy of those
>> files. I also know that if you have a file which is an exact copy of
>> someone else's file even if you are not sharing folders with that
>> person, Dropbox uses the same copy. This allows them to save on disc
>> space over all in the big picture. For example, if I download the iTunes
>> setup file for Windows and put it in my installs folder of Dropbox which
>> I only share with 5 people, and if 100 other people across the world
>> also have this same file in their own private or public space of
>> Dropbox, then Dropbox uses that one copy rather than multiple copies.
>> Some might feel this is a breach of security. I personally feel it's
>> Dropbox using disc space wisely.
>>
>> The one thing I don't do is put a text file of credit card or social
>> security numbers in Dropbox just for the convenience of having access to
>> those from my iPhone. Call me paranoid, but that's the way it is.
>> Instead, what I do is use Truecrypt. Truecrypt is a program which allows
>> you to create a file container of any size and put stuff in it. Think of
>> it like a virtual usb stick. So, I have a 10 Mb Truecrypt container
>> called KeepOut.tc. Yes, only 10 megs in size. I have this file in my
>> dropbox folder and when I want to review personal text files from any of
>> my computers, I simply mount this small 10 meg file and it becomes its
>> own drive. Like drive x maybe. I can then open files, copy files, add
>> files, do whatever I want in my little 10 meg virtual usb stick. When
>> I'm done, I unmount it, that's like using safely remove hardware. The
>> file is updated on Dropbox and closed up and secure again.
>>
>> There is an iphone app which will open Truecrypt files and so if I want
>> access to this data from my iphone, then I simply do the same process
>> from there.
>>
>> Some would say this is too much work for security, but it's worth it to
>> me to take the extra seconds to open the Truecrypt file, look at it, and
>> then close it when I'm done.
>>
>> I do a similar thing with all the documents in my documents folder of my
>> netbook and my pc where I back them up onto a Truecrypt volume and that
>> volume lives in Dropbox. So, it's like my own backup solution. I've
>> written batch files to automatically open the virtual file, copy the
>> changed files from my documents, and then close it. So, in the end it
>> doesn't take much time at all. I'm not the only one who does this
>> because there are various people who have blogged about it and who have
>> shared similar doings in terms of Dropbox, backups, and security.
>>
>> Lastly, I mentioned KeePass as a password manager. This program is
>> available in many different platforms, iOS and Windows for example, and
>> can share the same database. So if I want to get access to a username
>> and password for something, I can use that. The password file itself is
>> encrypted, and so can safely live inside Dropbox where MyKeepass from
>> iOS can read it.
>>
>> Ho
Re: Dropbox, passwords, and security concerns
I certainly agree. I use 1Password. I chose that service to try first and have stayed with it. The encryption is of a high enough level that it matches military encryption standards. As for the information being stored in the cloud, as Scott pointed out, a person would need the master password to access your stored data or spend a very long time attempting to hack it. If Dropbox were to suffer another hack, we all would be aware of it well before any thief could get close to hacking the 1Password file. Scott pointed out, and I agree, that this is all supposing that you select a very strong master password to begin with. I am by no means intending to take anything away from the other password vault services out there, but like Raul, I tried one service first and am satisfied with it. I think this is a worthwhile discussion because not everyone is as security conscious as others. There are very basic steps one can take to add extra security to their online presence, turning on two-step verification is one. I would like to note that Facebook, Google, PayPal, and Dropbox all offer this method of signing in to your accounts.

----- Original Message -----
From: "Scott Howell"
To:
Sent: Tuesday, October 02, 2012 5:46 PM
Subject: Re: Dropbox, passwords, and security concerns

Grant,

I have to agree with you. I have no reservations about 1Password or storing the database in the cloud. I think the encryption is sufficient and the only thing I would keep in mind is ensuring you have a strong password on the database itself. Obviously password would not be a secure password, but with a good master password, I believe the files are nearly hack-proof. This is a great discussion because there is so much educating that needs to be done. I think Very good points Grant.

On Oct 2, 2012, at 2:59 AM, Grant Hardy wrote:

Raul and List,

I'd like to add a couple of points to this discussion. Firstly, it's important to understand that 1Password encrypts your data similarly to other apps such as TrueCrypt. Even if a thief got their hands on your 1Password vault, it could take years to attack your password (assuming you're using a strong password to protect your 1Password data). It is not as though passwords are stored in any way that could permit Dropbox employees or hackers to read the data. Of course Dropbox suffers from security breaches, but the 1Password vault shouldn't be a strong target because again, it's encrypted. Note: this is very similar to how apps such as LastPass store your data in the cloud. I don't think 1Password should be any less secure than LastPass or RoboForm; on the contrary, I'd argue that it's more secure. You control the encryption of your 1Password data at your end. With those other services, you're leaving the control up to them. (And yes, I would trust them. But if you're really really concerned about security, then you should consider this.)

Secondly, if you're going to rely on a password manager, at least in my view, you have to have a backup in the cloud. If your equipment gets lost or stolen, then you'll have a very difficult, if not impossible, time gaining access to all your accounts again without some kind of backup that you can easily access.

Thirdly, it is not as though Dropbox saves your data forever. They store deleted files and previous versions of files for 30 days, and then they're gone. If you pay for Packrat Unlimited, an add-on available to Dropbox Pro users, then unlimited versions and deleted file history is stored. But in either case, if you really wanted you could login to the Dropbox web interface and instruct that Dropbox should permanently delete specific files or folders.

Of course, I'm sure Dropbox keeps backups of user data that would remain a little while after that, but this is pretty normal. Just about every online service does this. And again, I wouldn't worry too much about 1Password being a target, unless a backdoor is found in the way they encrypt and store your data.

Grant
Re: Dropbox, passwords, and security concerns
Grant,

I have to agree with you. I have no reservations about 1Password or storing the database in the cloud. I think the encryption is sufficient and the only thing I would keep in mind is ensuring you have a strong password on the database itself. Obviously password would not be a secure password, but with a good master password, I believe the files are nearly hack-proof. This is a great discussion because there is so much educating that needs to be done. I think Very good points Grant.

On Oct 2, 2012, at 2:59 AM, Grant Hardy wrote:

> Raul and List,
>
> I'd like to add a couple of points to this discussion. Firstly, it's
> important to understand that 1Password encrypts your data similarly to
> other apps such as TrueCrypt. Even if a thief got their hands on your
> 1Password vault, it could take years to attack your password (assuming
> you're using a strong password to protect your 1Password data). It is
> not as though passwords are stored in any way that could permit
> Dropbox employees or hackers to read the data. Of course Dropbox
> suffers from security breaches, but the 1Password vault shouldn't be a
> strong target because again, it's encrypted. Note: this is very
> similar to how apps such as LastPass store your data in the cloud. I
> don't think 1Password should be any less secure than LastPass or
> RoboForm; on the contrary, I'd argue that it's more secure. You
> control the encryption of your 1Password data at your end. With those
> other services, you're leaving the control up to them. (And yes, I
> would trust them. But if you're really really concerned about
> security, then you should consider this.)
>
> Secondly, if you're going to rely on a password manager, at least in
> my view, you have to have a backup in the cloud. If your equipment
> gets lost or stolen, then you'll have a very difficult, if not
> impossible, time gaining access to all your accounts again without
> some kind of backup that you can easily access.
>
> Thirdly, it is not as though Dropbox saves your data forever. They
> store deleted files and previous versions of files for 30 days, and
> then they're gone. If you pay for Packrat Unlimited, an add-on
> available to Dropbox Pro users, then unlimited versions and deleted
> file history is stored. But in either case, if you really wanted you
> could login to the Dropbox web interface and instruct that Dropbox
> should permanently delete specific files or folders.
>
> Of course, I'm sure Dropbox keeps backups of user data that would
> remain a little while after that, but this is pretty normal. Just
> about every online service does this. And again, I wouldn't worry too
> much about 1Password being a target, unless a backdoor is found in the
> way they encrypt and store your data.
>
> Grant
Re: Dropbox, passwords, and security concerns
Raul and List,

I'd like to add a couple of points to this discussion. Firstly, it's important to understand that 1Password encrypts your data similarly to other apps such as TrueCrypt. Even if a thief got their hands on your 1Password vault, it could take years to attack your password (assuming you're using a strong password to protect your 1Password data). It is not as though passwords are stored in any way that could permit Dropbox employees or hackers to read the data. Of course Dropbox suffers from security breaches, but the 1Password vault shouldn't be a strong target because again, it's encrypted. Note: this is very similar to how apps such as LastPass store your data in the cloud. I don't think 1Password should be any less secure than LastPass or RoboForm; on the contrary, I'd argue that it's more secure. You control the encryption of your 1Password data at your end. With those other services, you're leaving the control up to them. (And yes, I would trust them. But if you're really really concerned about security, then you should consider this.)

Secondly, if you're going to rely on a password manager, at least in my view, you have to have a backup in the cloud. If your equipment gets lost or stolen, then you'll have a very difficult, if not impossible, time gaining access to all your accounts again without some kind of backup that you can easily access.

Thirdly, it is not as though Dropbox saves your data forever. They store deleted files and previous versions of files for 30 days, and then they're gone. If you pay for Packrat Unlimited, an add-on available to Dropbox Pro users, then unlimited versions and deleted file history is stored. But in either case, if you really wanted you could login to the Dropbox web interface and instruct that Dropbox should permanently delete specific files or folders.

Of course, I'm sure Dropbox keeps backups of user data that would remain a little while after that, but this is pretty normal. Just about every online service does this. And again, I wouldn't worry too much about 1Password being a target, unless a backdoor is found in the way they encrypt and store your data.

Grant
Re: Dropbox, passwords, and security concerns
Raul,

I use TrueCrypt as well, for many purposes. I am considering a strategy such as you describe below so I have access to info on my iPhone. The utility that comes up when I search the app store for TrueCrypt is a utility called Disk Decipher. Is that what you are using on the iPhone? If so, how accessible is it? Thanks much.

Regards,
-Len

On 9/12/2012 8:43 AM, Raul A. Gallegos wrote:
> Hi all, the recent thread on the tech doctor podcast concerning
> 1Password has prompted me to write the following.
>
> First off, I don't use 1Password, so my comments might be off a bit. I
> use LastPass and MyKeePass. I won't get into the details of those
> password managers, but suffice it to say that I feel they are just as
> good as 1Password. I simply tried those first and see no need to switch
> to 1Password. So now onto the real reason why I'm writing.
>
> It's more about security and what you put on Dropbox and what is safe
> and what isn't.
>
> Many people feel it's ok to put whatever on Dropbox while others only
> put non-secure stuff, and still others are somewhere in between.
>
> What I do in regards to Dropbox is put files in it which I don't
> particularly care if the Dropbox staff somehow gains access to them. I
> know for a fact that Dropbox stores files on there even if you delete
> them. How do I know this? I once erased a folder of 5 gb of audio and
> later needed it for a friend, and so I copied it back over. It had been
> about 3 months since I had deleted them from Dropbox, yet when I copied
> them over again, it didn't take hours to upload and update, it only took
> a few minutes? Why is that? Because Dropbox already had a copy of those
> files. I also know that if you have a file which is an exact copy of
> someone else's file even if you are not sharing folders with that
> person, Dropbox uses the same copy. This allows them to save on disc
> space over all in the big picture. For example, if I download the iTunes
> setup file for Windows and put it in my installs folder of Dropbox which
> I only share with 5 people, and if 100 other people across the world
> also have this same file in their own private or public space of
> Dropbox, then Dropbox uses that one copy rather than multiple copies.
> Some might feel this is a breach of security. I personally feel it's
> Dropbox using disc space wisely.
>
> The one thing I don't do is put a text file of credit card or social
> security numbers in Dropbox just for the convenience of having access to
> those from my iPhone. Call me paranoid, but that's the way it is.
> Instead, what I do is use Truecrypt. Truecrypt is a program which allows
> you to create a file container of any size and put stuff in it. Think of
> it like a virtual usb stick. So, I have a 10 Mb Truecrypt container
> called KeepOut.tc. Yes, only 10 megs in size. I have this file in my
> dropbox folder and when I want to review personal text files from any of
> my computers, I simply mount this small 10 meg file and it becomes its
> own drive. Like drive x maybe. I can then open files, copy files, add
> files, do whatever I want in my little 10 meg virtual usb stick. When
> I'm done, I unmount it, that's like using safely remove hardware. The
> file is updated on Dropbox and closed up and secure again.
>
> There is an iphone app which will open Truecrypt files and so if I want
> access to this data from my iphone, then I simply do the same process
> from there.
>
> Some would say this is too much work for security, but it's worth it to
> me to take the extra seconds to open the Truecrypt file, look at it, and
> then close it when I'm done.
>
> I do a similar thing with all the documents in my documents folder of my
> netbook and my pc where I back them up onto a Truecrypt volume and that
> volume lives in Dropbox. So, it's like my own backup solution. I've
> written batch files to automatically open the virtual file, copy the
> changed files from my documents, and then close it. So, in the end it
> doesn't take much time at all. I'm not the only one who does this
> because there are various people who have blogged about it and who have
> shared similar doings in terms of Dropbox, backups, and security.
>
> Lastly, I mentioned KeePass as a password manager. This program is
> available in many different platforms, iOS and Windows for example, and
> can share the same database. So if I want to get access to a username
> and password for something, I can use that. The password file itself is
> encrypted, and so can safely live inside Dropbox where MyKeepass from
> iOS can read it.
>
> Hope that helps, and hope you join the paranoia team.
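The behaviour described in the quoted message above (a deleted folder re-uploading in minutes, identical files stored once across unrelated accounts) is what a content-addressed store with a retention window produces. The Python model below is an added example, not part of the thread and not Dropbox's code; the class and function names, whole-file SHA-256 addressing and the toy cipher are assumptions, and the 30-day window is the figure given in Grant's message.

```python
import hashlib
import os


class DedupStore:
    """Toy content-addressed store: one blob per SHA-256 digest, shared by all accounts."""

    def __init__(self, retention_days=30):
        self.retention_days = retention_days
        self.today = 0
        self.blobs = {}        # digest -> stored bytes
        self.refcount = {}     # digest -> number of (account, path) entries using it
        self.files = {}        # (account, path) -> digest
        self.orphaned_on = {}  # digest -> day its last reference went away

    def _unref(self, digest):
        self.refcount[digest] -= 1
        if self.refcount[digest] == 0:
            self.orphaned_on[digest] = self.today

    def upload(self, account, path, data):
        """Client offers the digest first; bytes travel only if the server lacks
        the blob. Returns the number of bytes actually transferred."""
        digest = hashlib.sha256(data).hexdigest()
        key = (account, path)
        if key in self.files:
            self._unref(self.files[key])
        sent = 0
        if digest not in self.blobs:
            self.blobs[digest] = data
            self.refcount[digest] = 0
            sent = len(data)
        self.refcount[digest] += 1
        self.files[key] = digest
        self.orphaned_on.pop(digest, None)
        return sent

    def delete(self, account, path):
        """Drop one account's reference; the blob itself stays until purged."""
        digest = self.files.pop((account, path), None)
        if digest is None:
            return False
        self._unref(digest)
        return True

    def advance(self, days):
        """Move the clock and purge blobs orphaned longer than the retention window."""
        self.today += days
        for digest, day in list(self.orphaned_on.items()):
            if self.today - day > self.retention_days:
                del self.blobs[digest]
                del self.refcount[digest]
                del self.orphaned_on[digest]


def toy_encrypt(key, plaintext):
    """Stand-in for client-side container encryption (random nonce + SHA-256
    counter keystream). Illustration only: not TrueCrypt's format, not for real use."""
    nonce = os.urandom(16)
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def run_demo():
    """All inputs below are constructed sample data."""
    store = DedupStore(retention_days=30)
    audio = os.urandom(4096)                            # stands in for the audio folder
    installer = b"constructed installer bytes " * 100   # identical for every user
    secret = b"constructed private notes"
    r = {}
    r["first_upload"] = store.upload("raul", "audio.zip", audio)
    store.delete("raul", "audio.zip")
    store.advance(10)   # still inside the retention window
    r["reupload_within_retention"] = store.upload("raul", "audio.zip", audio)
    store.delete("raul", "audio.zip")
    store.advance(31)   # window has passed, blob is purged
    r["reupload_after_purge"] = store.upload("raul", "audio.zip", audio)
    # Same file in two unrelated accounts: the second upload moves no bytes.
    r["installer_user_a"] = store.upload("a", "installs/setup.exe", installer)
    r["installer_user_b"] = store.upload("b", "setup.exe", installer)
    # Same plaintext encrypted client-side under different keys never matches.
    r["container_user_a"] = store.upload("a", "KeepOut.tc", toy_encrypt(os.urandom(32), secret))
    r["container_user_b"] = store.upload("b", "KeepOut.tc", toy_encrypt(os.urandom(32), secret))
    return r


if __name__ == "__main__":
    for name, sent in run_demo().items():
        print(f"{name}: {sent} bytes transferred")
```

Both encrypted containers cost a full upload even though their plaintext is identical, which is the property the KeepOut.tc approach relies on.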
Re: Dropbox, passwords, and security concerns
Hi, sure thing. The app which reads TrueCrypt files is called Disk Decipher. The link is:
http://itunes.apple.com/us/app/disk-decipher/id516538625?mt=8

To get TrueCrypt for your pc, go to:
http://www.truecrypt.org

It's interesting the way Disk Decipher reads the TrueCrypt files because if you use Dropbox, you have to give it your private Dropbox url so it can read them. It's not intuitive at first, but once you read the how to, it's pretty obvious. One thing to keep in mind is that you can't read text files, line by line, but I've written to the dev to see if that can be made better. In the meantime if you need to read a text file, just change your rotor to words or whatever and you can get the info. After all, the idea is to read information, not add to it.

--
Raul A. Gallegos
"The best way to remember your wife's birthday is to forget it once." - E. Joseph Cossman
Home Page: http://raulgallegos.com
Twitter: https://twitter.com/rau47
Facebook: http://facebook.com/rau47

On 9/18/2012 11:37 PM, James Mannion wrote:

Hi,

What is the iPhone app that opens truecrypt files and also where do you get the PC software to use Truecrypt? I will google for it and check the app store searching for truecrypt, but since you have already invented the wheel, maybe you will be able to point me in the right direction if there is something not obvious.

On 9/18/12, Christopher Chaltain wrote:

I'm not quite as paranoid as Raul, but I do use many of the same techniques that he describes below, including Truecrypt. I'd also suggest checking out the privacy and security policies for any cloud that you're going to use, assuming you are paranoid at all. For example, the security provisions of DropBox are documented at https://www.dropbox.com/help/27/en

On 12/09/12 10:43, Raul A. Gallegos wrote:

Hi all, the recent thread on the tech doctor podcast concerning 1Password has prompted me to write the following.

First off, I don't use 1Password, so my comments might be off a bit. I use LastPass and MyKeePass. I won't get into the details of those password managers, but suffice it to say that I feel they are just as good as 1Password. I simply tried those first and see no need to switch to 1Password. So now onto the real reason why I'm writing.

It's more about security and what you put on Dropbox and what is safe and what isn't.

Many people feel it's ok to put whatever on Dropbox while others only put non-secure stuff, and still others are somewhere in between.

What I do in regards to Dropbox is put files in it which I don't particularly care if the Dropbox staff somehow gains access to them. I know for a fact that Dropbox stores files on there even if you delete them. How do I know this? I once erased a folder of 5 gb of audio and later needed it for a friend, and so I copied it back over. It had been about 3 months since I had deleted them from Dropbox, yet when I copied them over again, it didn't take hours to upload and update, it only took a few minutes? Why is that? Because Dropbox already had a copy of those files. I also know that if you have a file which is an exact copy of someone else's file even if you are not sharing folders with that person, Dropbox uses the same copy. This allows them to save on disc space over all in the big picture. For example, if I download the iTunes setup file for Windows and put it in my installs folder of Dropbox which I only share with 5 people, and if 100 other people across the world also have this same file in their own private or public space of Dropbox, then Dropbox uses that one copy rather than multiple copies. Some might feel this is a breach of security. I personally feel it's Dropbox using disc space wisely.

The one thing I don't do is put a text file of credit card or social security numbers in Dropbox just for the convenience of having access to those from my iPhone. Call me paranoid, but that's the way it is. Instead, what I do is use Truecrypt. Truecrypt is a program which allows you to create a file container of any size and put stuff in it. Think of it like a virtual usb stick. So, I have a 10 Mb Truecrypt container called KeepOut.tc. Yes, only 10 megs in size. I have this file in my dropbox folder and when I want to review personal text files from any of my computers, I simply mount this small 10 meg file and it becomes its own drive. Like drive x maybe. I can then open files, copy files, add files, do whatever I want in my little 10 meg virtual usb stick. When I'm done, I unmount it, that's like using safely remove hardware. The file is updated on Dropbox and closed up and secure again.

There is an iphone app which will open Truecrypt files and so if I want access to this data from my iphone, then I simply do the same process from there.

Some would say this is too much work for security, but it's worth it to me to take the extra seconds to open the Truecrypt file, look at it, and then close it when I'm done.

I do a similar thing with all the documents
Re: Dropbox, passwords, and security concerns
Hi,

What is the iPhone app that opens truecrypt files and also where do you get the PC software to use Truecrypt? I will google for it and check the app store searching for truecrypt, but since you have already invented the wheel, maybe you will be able to point me in the right direction if there is something not obvious.

On 9/18/12, Christopher Chaltain wrote:
> I'm not quite as paranoid as Raul, but I do use many of the same
> techniques that he describes below, including Truecrypt. I'd also
> suggest checking out the privacy and security policies for any cloud
> that you're going to use, assuming you are paranoid at all. For example,
> the security provisions of DropBox are documented at
> https://www.dropbox.com/help/27/en
Re: Dropbox, passwords, and security concerns
I'm not quite as paranoid as Raul, but I do use many of the same techniques that he describes below, including Truecrypt. I'd also suggest checking out the privacy and security policies for any cloud that you're going to use, assuming you are paranoid at all. For example, the security provisions of DropBox are documented at https://www.dropbox.com/help/27/en

On 12/09/12 10:43, Raul A. Gallegos wrote:
> Hi all, the recent thread on the tech doctor podcast concerning
> 1Password has prompted me to write the following.
>
> First off, I don't use 1Password, so my comments might be off a bit. I
> use LastPass and MyKeePass. I won't get into the details of those
> password managers, but suffice it to say that I feel they are just as
> good as 1Password. I simply tried those first and see no need to switch
> to 1Password. So now onto the real reason why I'm writing.
>
> It's more about security and what you put on Dropbox and what is safe
> and what isn't.
>
> Many people feel it's ok to put whatever on Dropbox while others only
> put non-secure stuff, and still others are somewhere in between.
>
> What I do in regards to Dropbox is put files in it which I don't
> particularly care if the Dropbox staff somehow gains access to them. I
> know for a fact that Dropbox stores files on there even if you delete
> them. How do I know this? I once erased a folder of 5 gb of audio and
> later needed it for a friend, and so I copied it back over. It had been
> about 3 months since I had deleted them from Dropbox, yet when I copied
> them over again, it didn't take hours to upload and update, it only took
> a few minutes. Why is that? Because Dropbox already had a copy of those
> files. I also know that if you have a file which is an exact copy of
> someone else's file even if you are not sharing folders with that
> person, Dropbox uses the same copy. This allows them to save on disc
> space overall in the big picture. For example, if I download the iTunes
> setup file for Windows and put it in my installs folder of Dropbox which
> I only share with 5 people, and if 100 other people across the world
> also have this same file in their own private or public space of
> Dropbox, then Dropbox uses that one copy rather than multiple copies.
> Some might feel this is a breach of security. I personally feel it's
> Dropbox using disc space wisely.
>
> The one thing I don't do is put a text file of credit card or social
> security numbers in Dropbox just for the convenience of having access to
> those from my iPhone. Call me paranoid, but that's the way it is.
> Instead, what I do is use Truecrypt. Truecrypt is a program which allows
> you to create a file container of any size and put stuff in it. Think of
> it like a virtual usb stick. So, I have a 10 Mb Truecrypt container
> called KeepOut.tc. Yes, only 10 megs in size. I have this file in my
> dropbox folder and when I want to review personal text files from any of
> my computers, I simply mount this small 10 meg file and it becomes its
> own drive. Like drive x maybe. I can then open files, copy files, add
> files, do whatever I want in my little 10 meg virtual usb stick. When
> I'm done, I unmount it, that's like using safely remove hardware. The
> file is updated on Dropbox and closed up and secure again.
>
> There is an iPhone app which will open Truecrypt files and so if I want
> access to this data from my iPhone, then I simply do the same process
> from there.
>
> Some would say this is too much work for security, but it's worth it to
> me to take the extra seconds to open the Truecrypt file, look at it, and
> then close it when I'm done.
>
> I do a similar thing with all the documents in my documents folder of my
> netbook and my pc where I back them up onto a Truecrypt volume and that
> volume lives in Dropbox. So, it's like my own backup solution. I've
> written batch files to automatically open the virtual file, copy the
> changed files from my documents, and then close it. So, in the end it
> doesn't take much time at all. I'm not the only one who does this
> because there are various people who have blogged about it and who have
> shared similar doings in terms of Dropbox, backups, and security.
>
> Lastly, I mentioned KeePass as a password manager. This program is
> available in many different platforms, iOS and Windows for example, and
> can share the same database. So if I want to get access to a username
> and password for something, I can use that. The password file itself is
> encrypted, and so can safely live inside Dropbox where MyKeePass from
> iOS can read it.
>
> Hope that helps, and hope you join the paranoia team.

--
Christopher (CJ)
chaltain at Gmail
Dropbox, passwords, and security concerns
Hi all, the recent thread on the tech doctor podcast concerning 1Password has prompted me to write the following.

First off, I don't use 1Password, so my comments might be off a bit. I use LastPass and MyKeePass. I won't get into the details of those password managers, but suffice it to say that I feel they are just as good as 1Password. I simply tried those first and see no need to switch to 1Password. So now onto the real reason why I'm writing.

It's more about security and what you put on Dropbox and what is safe and what isn't.

Many people feel it's ok to put whatever on Dropbox while others only put non-secure stuff, and still others are somewhere in between.

What I do in regards to Dropbox is put files in it which I don't particularly care if the Dropbox staff somehow gains access to them. I know for a fact that Dropbox stores files on there even if you delete them. How do I know this? I once erased a folder of 5 gb of audio and later needed it for a friend, and so I copied it back over. It had been about 3 months since I had deleted them from Dropbox, yet when I copied them over again, it didn't take hours to upload and update, it only took a few minutes. Why is that? Because Dropbox already had a copy of those files. I also know that if you have a file which is an exact copy of someone else's file even if you are not sharing folders with that person, Dropbox uses the same copy. This allows them to save on disc space overall in the big picture. For example, if I download the iTunes setup file for Windows and put it in my installs folder of Dropbox which I only share with 5 people, and if 100 other people across the world also have this same file in their own private or public space of Dropbox, then Dropbox uses that one copy rather than multiple copies. Some might feel this is a breach of security. I personally feel it's Dropbox using disc space wisely.

The one thing I don't do is put a text file of credit card or social security numbers in Dropbox just for the convenience of having access to those from my iPhone. Call me paranoid, but that's the way it is. Instead, what I do is use Truecrypt. Truecrypt is a program which allows you to create a file container of any size and put stuff in it. Think of it like a virtual usb stick. So, I have a 10 Mb Truecrypt container called KeepOut.tc. Yes, only 10 megs in size. I have this file in my dropbox folder and when I want to review personal text files from any of my computers, I simply mount this small 10 meg file and it becomes its own drive. Like drive x maybe. I can then open files, copy files, add files, do whatever I want in my little 10 meg virtual usb stick. When I'm done, I unmount it, that's like using safely remove hardware. The file is updated on Dropbox and closed up and secure again.

There is an iPhone app which will open Truecrypt files and so if I want access to this data from my iPhone, then I simply do the same process from there.

Some would say this is too much work for security, but it's worth it to me to take the extra seconds to open the Truecrypt file, look at it, and then close it when I'm done.

I do a similar thing with all the documents in my documents folder of my netbook and my pc where I back them up onto a Truecrypt volume and that volume lives in Dropbox. So, it's like my own backup solution. I've written batch files to automatically open the virtual file, copy the changed files from my documents, and then close it. So, in the end it doesn't take much time at all. I'm not the only one who does this because there are various people who have blogged about it and who have shared similar doings in terms of Dropbox, backups, and security.

Lastly, I mentioned KeePass as a password manager. This program is available in many different platforms, iOS and Windows for example, and can share the same database. So if I want to get access to a username and password for something, I can use that. The password file itself is encrypted, and so can safely live inside Dropbox where MyKeePass from iOS can read it.

Hope that helps, and hope you join the paranoia team.

--
Raul A. Gallegos
The honeymoon is over when the husband calls home to say he'll be late for dinner and the answering machine says it is in the microwave. – Anonymous
Home Page: http://raulgallegos.com
Twitter: https://twitter.com/rau47
Facebook: http://facebook.com/rau47

--
You received this message because you are subscribed to the "VIPhone" Google Group.
To search the VIPhone public archive, visit http://www.mail-archive.com/viphone@googlegroups.com/.
To post to this group, send email to viphone@googlegroups.com.
To unsubscribe from this group, send email to viphone+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/viphone?hl=en.
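
The deduplication behaviour described in the message above can be modelled in a few lines. This is an added example, not part of the original thread and not Dropbox's or TrueCrypt's code: `DedupStore`, `toy_encrypt`, the user names and all sample data are constructed for illustration. It shows why a re-upload after deletion transfers nothing, why identical files in two accounts share one stored copy, and why locally encrypted containers with different keys do not.

```python
import hashlib


class DedupStore:
    """Toy content-addressed store: one blob per SHA-256 digest, shared by every account."""

    def __init__(self):
        self.blobs = {}     # digest -> content; this model never purges a blob
        self.accounts = {}  # user -> {path: digest}

    def upload(self, user, path, data):
        """Record the file for `user`; return how many bytes had to be transferred."""
        digest = hashlib.sha256(data).hexdigest()
        sent = 0
        if digest not in self.blobs:  # content unknown to the service: full upload
            self.blobs[digest] = data
            sent = len(data)
        self.accounts.setdefault(user, {})[path] = digest
        return sent

    def delete(self, user, path):
        """Drop the account's pointer only; the blob stays on the server."""
        del self.accounts[user][path]


def toy_encrypt(key, data):
    """Stand-in for container encryption (XOR with a SHA-256 counter keystream).
    Not TrueCrypt's algorithm and not suitable for protecting real data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def run_demo():
    """All inputs are constructed sample data."""
    store = DedupStore()
    audio = b"constructed audio sample " * 4000
    installer = b"constructed installer image " * 2000
    notes = b"constructed private notes\n" * 20
    r = {}
    r["first_upload"] = store.upload("user_a", "audio/set.mp3", audio)
    store.delete("user_a", "audio/set.mp3")
    r["reupload_after_delete"] = store.upload("user_a", "audio/set.mp3", audio)
    r["installer_a"] = store.upload("user_a", "installs/setup.exe", installer)
    r["installer_b"] = store.upload("user_b", "setup.exe", installer)
    # Same plaintext, but each user encrypts locally with a different key.
    r["container_a"] = store.upload("user_a", "KeepOut.tc", toy_encrypt(b"key of user_a", notes))
    r["container_b"] = store.upload("user_b", "KeepOut.tc", toy_encrypt(b"key of user_b", notes))
    r["blobs_stored"] = len(store.blobs)
    return r


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:24} {value}")
```

In this model the service learns that two accounts hold the same installer, but sees the two containers as unrelated blobs even though their plaintext is identical.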