Securing Dropbox

As I mentioned recently, Dropbox is awesome. When using it, however, it’s important to think about security. The dropbox guys lock up your data nice and tight – but they hold the keys.

Think of it this way: You’re on a cruise ship, and you have a priceless diamond tiara (don’t we all?). You know it’ll be much safer in the ship’s vault than in your cabin. The ship’s purser is only too happy to watch over your valuables in their very strong safe. Now you can rest easy.

Except… there’s someone besides you who can open the vault. What if the government serves the purser with a warrant (or some other constitutionally-questionable writ) and takes your tiara? What if someone fools the purser into handing over your tiara? For most things, trusting the purser is fine, but that tiara is really something special. What you need, then, is a special box with a really strong lock. You give the purser the box and neither he nor anyone else can even see what’s inside, and you can make it a really strong box, so even if the purser hands over the keys to his vault, your stuff is still safe.

The same principle applies with Dropbox. It’s really convenient and pretty darn secure, but someone else is holding the keys. For most things, like my writing, no further security is necessary. Yet I have a few files that I don’t want to leave to someone else to protect, but I still want the convenience and data backup Dropbox provides. On my Mac I’ve set up a very simple system that allows me to see my most secret files whenever I need to on any of my machines, but protects them from prying eyes. It’s actually pretty simple, and there’s almost certainly a direct analog on Windows.

The disk utility that comes with Macs can create an encrypted disk image using pretty dang strong encryption. If you put that image file in your Dropbox, then any files you add to that virtual disk will be encrypted and saved to your Dropbox when you unmount the disk. Here are the steps:

  1. Fire up Disk Utility (it’s in the Utilities folder).
  2. Click New Image
  3. Decisions, decisions….
    • Name your new disk. If you name it “secret stuff” that will just make people curious.
    • Size: For reasons I’ll go into shortly, I’d advise not making this any bigger than you really need. If you’re protecting text files, it can be pretty small. The 100MB setting is probably more than enough for most people.
    • Format: Just use the default
    • Encryption: I say, what the heck. Go for the maximum unless you’ll be using a really old machine.
    • Partition: just use the default.
    • Image Format: sparse disk image – this will keep the size of the actual disk file down. UPDATE – As of MacOS X 10.5, there’s a new option called “sparse bundle disk image”. DON’T USE THAT! It seems perfect at first (see below) but things get mucked up if there’s a conflict.
  4. Save. You will be asked for a password. You’ll not need to remember it, so make it good and strong, nothing like any password you’ve used anywhere else. Keep the “save in keychain” option selected. (If you need it later, you can find it with Keychain Access.) – Remember: this is the secret that protects all your other secrets.
  5. Voila! Put the disk image in your Dropbox folder. When you open the image file, a new hard drive will appear in finder. Anything you put on the drive will be added to the .dmg file you created.
  6. “Eject” the drive on that machine and open the .dmg on any other machines you want to share the information with. While you still remember your crazy password, get it saved in the keychains of your various machines.

A couple of notes:

  • The .dmg file will only update when you “eject” the drive. So I advise you not to keep it mounted most of the time. Open it, add/access the files inside, and close it again. If you open it on two machines at the same time, you will end up with two versions in your Dropbox folder.
  • I advised saving your password on your keychain, but remember that anyone who can access your computer can also access your secrets. So you might want to consider not putting the password in your laptop’s keychain, for instance, if you think it might fall into the wrong hands.
  • Since your secret files are saved as a single blob of data, you won’t have automatic backups of individual files. If you need to recover one, you’ll have to find the right version of the image file.
  • Since your information is saved as a big ol’ blob, if you make a huge .dmg file it will eat up space in your Dropbox and burn up unnecessary bandwidth each time you save. ‘Sparse’ images only grow to the maximum as you use the space (but never shrink unless you intervene with Disk Utility).
  • UPDATE – Apple has created a new format that saves the image file as a whole bunch of little blobs, rather than one big one. With that option, when you make changes, only the little blobs that changed need to get updated. This was to make Time Machine work better, and at first I thought it would be perfect for Dropbox. Then I spent a few minutes testing and discovered that the way Dropbox handles conflicts (two computers updating the file at the same time) gets royally hosed when you use this format. Bummer. So, don’t use it.
  • It’s possible to set things up to protect individual files, but it’s complicated. Hopefully it won’t always be.
  • Important! If you only store the password on one machine – Save it somewhere else also! If you lose that password (if your hard drive crashes or your computer is stolen, for instance), you’re not getting into your strongbox. Ever. That was the whole point, after all.
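The Disk Utility choices above (100 MB, sparse image, strongest encryption) and the “open, change, eject” habit from the notes can be scripted with Apple’s hdiutil. This is an added example, not from the post: the image path, volume name and the “conflicted copy” check are assumptions, the latter keyed on the naming Dropbox uses when two machines update the same file.

```shell
#!/bin/sh
# Added helper, not part of the original post. Assumes:
#  - IMG points at the sparse image stored in your Dropbox folder
#  - VOLNAME is the name you gave the volume when the image was created
IMG="${IMG:-$HOME/Dropbox/travel.sparseimage}"
VOLNAME="${VOLNAME:-travel}"

# Dropbox names a clashing copy "<stem> (<host>'s conflicted copy <date>).<ext>".
# Lists any such siblings of the image and returns 0 if one exists, else 1.
find_conflicts() {
    dir=$(dirname "$1"); base=$(basename "$1")
    stem="${base%.*}"; ext="${base##*.}"
    found=1
    for f in "$dir/$stem ("*"conflicted copy"*")."$ext; do
        [ -e "$f" ] || continue
        echo "$f"; found=0
    done
    return $found
}

# The GUI settings from the post, on the command line: 100 MB, AES-256,
# sparse (not sparse bundle). The password is read from stdin so it never
# shows up in shell history or in `ps`.
create_image() {
    hdiutil create -size 100m -type SPARSE -fs HFS+J \
        -encryption AES-256 -stdinpass -volname "$VOLNAME" "$1"
}

# "Look, change, unmount": refuse to mount while a conflict is unresolved,
# mount, open the volume in Finder, and detach on Enter so the image file is
# written back (and picked up by Dropbox) right away rather than left mounted.
edit_session() {
    if find_conflicts "$1"; then
        echo "Resolve the conflicted copies above before mounting." >&2
        return 2
    fi
    hdiutil attach "$1" || return 1   # prompts for the password, or uses the keychain
    open "/Volumes/$VOLNAME"
    printf 'Press Enter to eject %s... ' "$VOLNAME"; read -r _
    hdiutil detach "/Volumes/$VOLNAME"
}
```

Run `printf '%s' "$password" | create_image "$IMG"` once, then `edit_session "$IMG"` for each editing session.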

5 thoughts on “Securing Dropbox”

  1. Is this true???
    The .dmg file will only update when you “eject” the drive.

    I’ve been using this trick for years (not w/ dropbox, which I am not as jazzed about as you are), and I had no idea. I see timestamps updated on the disk image when I save a file .. what significance does that have, i.e. where does that file “write” to? A temporary space on the drive? Is that in and of itself a security risk (or does it write encrypted data on a per-file basis, which is different than the way the .dmg is encrypted)?

    What happens if your system crashes before you can eject/unmount the drive? I’ve never noticed data loss on this disk, and it has the kind of data I’d notice losing … but certainly my system has crashed before.

    • Well, I’m just speculating here, but there is a built-in facility in MacOS that periodically creates a temp version of open files. I suppose there’s no reason the disk image utilities wouldn’t use it too.

      The backups created are exactly as if the file had been saved at that point, so any encryption you have on the dmg should still apply.

      To redisclaim, I don’t know any of the above for a fact. I do know that the .dmg doesn’t “officially” save until you unmount it.

      I’m curious about your less-enthusiastic opinion of Dropbox. If you’ve had a sub-stellar experience with it I’d like to hear about it.

    • And, reading your comment more carefully, there absolutely has to be a cache involved, keeping the updates to the dmg. Common sense would dictate that the cache would use the same encryption as the master, and if it didn’t, someone would have shouted bloody hell by now.

      Then again, relying on the common sense of others is a good way to get hacked. So, I don’t know. I am more motivated than ever to continue with my use model of “look, change, unmount”.

      • The more I think about it, the more I realize that yes, the virtual disk you play with while the dmg is open is a separate chunk of your hard drive, and that the contents of that virtual disk are unencrypted. That’s how you can see the contents in Finder, after all.

        So, yeah, the virtual disk is unencrypted so you can use it, and anyone with access to your computer can see its contents with Finder.
