RandomAdam wrote:
Hi all,
I am a programmer (industrial) and am quite interested in protecting my privacy online. As time has gone on, a lot of my work and leisure time is being spent online.
I have 7 computers (including my Nexus One) that I use on a regular basis. I have 30ish websites that I log into on a regular basis and about 100 that I have logins for. I used to be very lazy, having only two passwords, one for generic stuff and one for my banking. A few years ago a friend of mine had his credit card details stolen and used online. I'm not sure if someone got the details from a website with poor security or in person. But it gave me a wake up call, I started looking into security properly.
The first thing that I realised is that you simply cannot use the same password on different sites. So rather than remember 30 passwords I decided to get a program to do it for me.
I use KeePass, because it is an encrypted database, open source, free, works on all my devices (version 1.18 works on Linux, Windows, Android).
I quickly found that having it on a USB stick is annoying, as it is a hassle to get the DB onto whichever device I happen to be working on that day. Because I am inherently lazy, I just copy the DB to a computer, and the copies quickly get out of sync.
So I used Ubuntu One, which kinda worked, but not well, because the support for non-Ubuntu systems is not great, so I have moved to Dropbox, which is great. The security issues that have been highlighted lately don't bother me, as my DB is encrypted using a very strong password and you also have to choose the correct file to unlock the DB.
Dropbox worked so well for keeping my copies of the password DB synced that I started using it for files as well. To start off with, the files were just boring non-important stuff, but before long I started to want to use it for secure sharing... so TrueCrypt was the answer. Letting KeePass generate a super strong password for TrueCrypt ensures that no one can crack the encryption.
I guess that if someone broke the encryption on KeePass then they would have open access to all my information and my TrueCrypt encrypted files, but hey, it is better than my old way of doing things.
If anyone has any comments / suggestions along the lines of online privacy I would be glad to hear them.
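The post's setup relies on two things the synced file itself does not contain: the master password and the key file ("you also have to choose the correct file to unlock the DB"). The following is an added illustration, not KeePass's own code or the poster's: it models KeePass's composite-key idea (hash each factor, hash the concatenation, then stretch with an iterated KDF; PBKDF2-HMAC-SHA256 stands in here for KeePass's own key transformation) and shows what someone holding a copy of the synced file can and cannot do with it offline. The password, key-file bytes, salt and wordlist are all constructed for the example, and `calibrate_rounds` is a helper added here for choosing the iteration count.

```python
"""Composite master key for a password database that is synced through a
cloud folder.  Added example: models KeePass's password + key file idea with
standard-library primitives; all inputs are constructed, none are real.
"""
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample factors.  The key file lives only on the user's devices
# and must never be placed in the synced folder next to the database.
MASTER_PASSWORD = "correct horse battery staple"
KEY_FILE_BYTES = bytes.fromhex("9f" * 16 + "3c" * 16)        # 32 constructed bytes
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")     # stored with the DB
ROUNDS = 200_000                                             # KDF iterations


def composite_key(password: str, key_file: Optional[bytes]) -> bytes:
    """Hash each factor on its own, then hash the concatenation.

    Hashing before concatenating fixes each factor's length, so a long
    password cannot be confused with a short password plus a key file.
    """
    parts = hashlib.sha256(password.encode("utf-8")).digest()
    if key_file is not None:
        parts += hashlib.sha256(key_file).digest()
    return hashlib.sha256(parts).digest()


def stretch(composite: bytes, salt: bytes, rounds: int) -> bytes:
    """Iterated KDF: every guess, legitimate or not, pays the same cost."""
    return hashlib.pbkdf2_hmac("sha256", composite, salt, rounds, dklen=32)


def derive_db_key(password: str, key_file: Optional[bytes],
                  salt: bytes = SALT, rounds: int = ROUNDS) -> bytes:
    return stretch(composite_key(password, key_file), salt, rounds)


def key_check_value(db_key: bytes) -> bytes:
    """Value the database file can store to detect a wrong key before
    decrypting; a keyed hash of a constant reveals nothing about the key."""
    return hmac.new(db_key, b"key-check", "sha256").digest()


def unlock(stored_check: bytes, password: str, key_file: Optional[bytes],
           salt: bytes = SALT, rounds: int = ROUNDS) -> bool:
    candidate = derive_db_key(password, key_file, salt, rounds)
    return hmac.compare_digest(key_check_value(candidate), stored_check)


def offline_guess_attack(stored_check: bytes, wordlist, key_file: Optional[bytes],
                         salt: bytes = SALT, rounds: int = ROUNDS) -> Optional[str]:
    """What the holder of a synced copy can do: guess offline, unthrottled.
    Returns the recovered password, or None if no guess unlocks the file."""
    for guess in wordlist:
        if unlock(stored_check, guess, key_file, salt, rounds):
            return guess
    return None


def calibrate_rounds(target_seconds: float = 1.0, probe_rounds: int = 20_000) -> int:
    """Pick a round count so one unlock costs about target_seconds on this
    machine; that is the per-guess cost an offline attacker pays too."""
    t0 = time.perf_counter()
    stretch(b"\x00" * 32, SALT, probe_rounds)
    per_round = (time.perf_counter() - t0) / probe_rounds
    return max(probe_rounds, int(target_seconds / per_round))


if __name__ == "__main__":
    check = key_check_value(derive_db_key(MASTER_PASSWORD, KEY_FILE_BYTES))
    print("right password + key file:", unlock(check, MASTER_PASSWORD, KEY_FILE_BYTES))
    print("right password, no key file:", unlock(check, MASTER_PASSWORD, None))
    wordlist = ["password", "letmein", MASTER_PASSWORD]   # constructed, includes the real one
    print("attacker holding file, no key file:", offline_guess_attack(check, wordlist, None))
    print("attacker holding file AND key file:", offline_guess_attack(check, wordlist, KEY_FILE_BYTES))
    print("rounds for roughly 1 s per guess here:", calibrate_rounds())
```

The attack loop is the check worth keeping in mind: once the file is in a cloud folder, the only things between a copy and the contents are the entropy of the password, the secrecy of the key file, and the per-guess cost set by the round count.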
AES has been broken for several years, so KeePass, TrueCrypt and Dropbox are just providing an illusion of security which has no basis in reality.
I am aware of a method of breaking AES on a 10k computer setup, within a day. It's a question of cpu power and disk space as to how long it takes to break.
All classical encryption techniques are likewise vulnerable to similar attacks, e.g. GSM and DECT phones.
I would suggest that if it's absolutely vital to keep something secret, such as banking records and online logins, then you want a one-time-pad system.
I'm coding a one-time-pad system with unhackable networking which has bittorrent, email and browsing over a P2P Virtual Private Network (VPN).
This will be available for free, with source code, for Android this year. Regular computers will be covered by the Java port later.
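The reply recommends a one-time pad. As an added example that is not the poster's system and not code from any project mentioned in the thread, here is the minimal OTP with the two operational checks that make it one (pad bytes come from a true random source and are consumed at most once, so encryption is refused when the pad runs out) alongside what an attacker recovers when pad bytes are reused. The pad bytes and messages are constructed for the demonstration.

```python
"""One-time pad with a consume-once cursor, and the two-time-pad leak.
Added example; pad material and messages are constructed, not real.
"""
import secrets


class OneTimePad:
    """Shared pad material with a cursor, so every byte is used at most once.
    Sender and receiver each hold a copy and advance in step."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._pos = 0

    def remaining(self) -> int:
        return len(self._pad) - self._pos

    def take(self, n: int) -> bytes:
        # Refusing here is the whole security argument: reusing bytes turns
        # the scheme into the two-time pad demonstrated below.
        if n > self.remaining():
            raise ValueError("pad exhausted: need fresh key material")
        chunk = self._pad[self._pos:self._pos + n]
        self._pos += n
        return chunk


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: OneTimePad, message: bytes) -> bytes:
    return xor_bytes(message, pad.take(len(message)))


def otp_decrypt(pad: OneTimePad, ciphertext: bytes) -> bytes:
    # Same XOR; the receiver's cursor consumes the same pad bytes.
    return xor_bytes(ciphertext, pad.take(len(ciphertext)))


def two_time_pad_recover(ct1: bytes, ct2: bytes, known_plaintext1: bytes) -> bytes:
    """If the same pad bytes encrypted two messages, ct1 XOR ct2 equals
    m1 XOR m2, so a known or guessed m1 yields m2 without any key."""
    return xor_bytes(xor_bytes(ct1, ct2), known_plaintext1)


def new_pad_bytes(n: int) -> bytes:
    """Pad material must come from a cryptographic random source; a PRNG
    seeded from a short secret would reduce the pad to that secret."""
    return secrets.token_bytes(n)


if __name__ == "__main__":
    pad_bytes = new_pad_bytes(64)
    sender, receiver = OneTimePad(pad_bytes), OneTimePad(pad_bytes)
    ct = otp_encrypt(sender, b"transfer 100 to acct 42")
    print("decrypted:", otp_decrypt(receiver, ct))

    # The mistake: two messages encrypted with the same pad bytes.
    m1, m2 = b"meet at noon", b"abort plans!"
    ct1 = xor_bytes(m1, pad_bytes[:len(m1)])
    ct2 = xor_bytes(m2, pad_bytes[:len(m2)])
    print("recovered from reuse:", two_time_pad_recover(ct1, ct2, m1))
```

Note what the pad does not provide: it needs as much pre-shared random key material as there is traffic, and it gives no integrity (flipping a ciphertext bit flips the same plaintext bit), so any system built on it still has to solve key distribution and authentication separately.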