Author

Topic: Is Boxcryptor safe to encrypt wallets? (Read 149 times)

sr. member
Activity: 377
Merit: 282
Finis coronat opus
December 19, 2017, 05:27:24 PM
#7
Bitlocker is not open source. And additionally its made by microsoft. You have no clue whether they implemented any backdoors, etc..
Veracrypt on the other hand IS open source and is more trustworthy than bitlocker by far (in terms of security).
Plus Bitlocker is not free (requires windows PRO version), where veracrypt is completely free.

Yeah, you're right about open source. I forgot that it's Microsoft programm.
Let me say, that BitLocker is good enough for protecting you from hackers or 3rd party (if hacker find Microsoft backdoor you are able to sue with it) but it's useless against FBI or something.
legendary
Activity: 1624
Merit: 2481
December 19, 2017, 04:50:22 AM
#6
Veracrypt[1] (the successor of truecrypt) would be a trustworthy open-source alternative.
[1] Veracrypt: https://veracrypt.codeplex.com/; Source: https://veracrypt.codeplex.com/SourceControl/latest#README.md

Why not Bitlocker? It's successor of truecrypt too as i know and it's have open source code too.

Bitlocker is not open source. And additionally its made by microsoft. You have no clue whether they implemented any backdoors, etc..
Veracrypt on the other hand IS open source and is more trustworthy than bitlocker by far (in terms of security).
Plus Bitlocker is not free (requires windows PRO version), where veracrypt is completely free.
sr. member
Activity: 377
Merit: 282
Finis coronat opus
December 18, 2017, 01:58:13 PM
#5
Veracrypt[1] (the successor of truecrypt) would be a trustworthy open-source alternative.
[1] Veracrypt: https://veracrypt.codeplex.com/; Source: https://veracrypt.codeplex.com/SourceControl/latest#README.md

Why not Bitlocker? It's successor of truecrypt too as i know and it's have open source code too. Also, it's more popular wich increase probability of code inspection. ('cause "open" code without any audit can be more dangerous than "closed")
legendary
Activity: 1624
Merit: 2481
December 18, 2017, 01:38:17 PM
#4
Has it any advantage over an encryption with openssl for example?

Beside of its 'user friendly' UI there isn't an advantage.
Openssl is perfectly fine for that.

To encrypt it with AES for example:
Code:
openssl enc -aes-256-cbc -in un_encrypted.file -out encrypted.file
You will be prompted to enter a password.

If you chose to use an encryption with a private key instead of a password you should check if your entropy pool is 'filled enough'.
On linux:
Code:
cat /proc/sys/kernel/random/entropy_avail
If the number shown is bigger than 300-400 then your result will be 'random enough'.

Afterwards you could create your RSA private key with:
Code:
openssl genrsa -out private.pem 2048
and your public key with:
Code:
openssl rsa -in private.pem -out public.pem -outform PEM -pubout

Then to encrypt your file:
Code:
openssl rsautl -encrypt -inkey public.pem -pubin -in your_file.txt -out your_encrypted_file.ssl
and to decrypt afterwards:
Code:
openssl rsautl -decrypt -inkey private.pem -in file.ssl -out decrypted.txt

Key encryption gives you a higher grade of security regarding brute force / social engineering attacks.
Just make sure to keep your key at a safe place, with different backups.
But if you just want to encrypt it with a password thats not too risky either as long as the password is random enough.

full member
Activity: 244
Merit: 100
December 17, 2017, 12:14:06 PM
#3
Boxcryptor is using AES and RSA to encrypt files. Thats safe.
But how they implemented the algorithm and whether they made any mistakes (or backdoor) in the implementation can't be told for sure without inspecting the source code.
I would rather switch to a tool which has its source code published and read dozens of time. Veracrypt[1] (the successor of truecrypt) would be a trustworthy open-source alternative.
[1] Veracrypt: https://veracrypt.codeplex.com/; Source: https://veracrypt.codeplex.com/SourceControl/latest#README.md

Has it any advantage over an encryption with openssl for example?
legendary
Activity: 1624
Merit: 2481
December 17, 2017, 07:05:15 AM
#2
Boxcryptor is using AES and RSA to encrypt files. Thats safe.
But how they implemented the algorithm and whether they made any mistakes (or backdoor) in the implementation can't be told for sure without inspecting the source code.
I would rather switch to a tool which has its source code published and read dozens of time. Veracrypt[1] (the successor of truecrypt) would be a trustworthy open-source alternative.
[1] Veracrypt: https://veracrypt.codeplex.com/; Source: https://veracrypt.codeplex.com/SourceControl/latest#README.md
full member
Activity: 244
Merit: 100
December 17, 2017, 06:58:51 AM
#1
I've been using it for the past years, no problem at the moment, but i'm wondering if i should use something different and maybe opensource

What do you guys think?
Jump to: