[Sussex] Dropbox like system

John Crowhurst info at johnscomputersupport.co.uk
Wed Dec 5 08:44:46 UTC 2012 

Hi Steve,

On 5 Dec 2012, at 08:17, Steve Dobson <steve at dobbo.org> wrote:

> Hi John
> 
> On 04/12/12 22:38, John Crowhurst wrote:
>> Hello,
>> 
>> I'm thinking of setting up a Dropbox like system for my backups. I have
>> some software that can do synchronisation on Windows and Mac computers
>> but have a couple of stumbling blocks that will need to be addressed.
> 
> What software is that?  I ask because it might be useful to me as a
> cloud storage system for my Android devices.

I was using SyncBack for a while, I'm now using something called syncovery. However, it's proprietary and not free.

I just wondered how Dropbox like services work and whether it is easy to setup on a remote host. 

> 
>> How do I organise the storage? Is there a file system that does account
>> based encryption/decryption on the fly? Does it have a facility to show
>> how much a user has used or is that managed through quota?
> 
> I don't think that account based encryption/decryption is the right
> solution here.  If the server is doing encryption/decryption then that
> suggests that the data is being transmitted over the ether in plain text
> - a security hole.
> 
If the user uses SSH, then the link is encrypted. 
>> I looked at ecryptfs but that is an encryption layer that encrypts the
>> partition by encrypting file contents but that doesn't stop someone who
>> has root access from seeing their files.
> 
> File system encryption is a good fit if the storage device is not
> secure, and where the key can be kept safe when the data is not being
> used.  Laptops are a good example here.

I think that depends on what you are wanting. I've noticed that ecryptfs works as an intermediary layer and encrypts the file contents, rather than the whole drive. Without the layer, the files are useless. 

I would have thought something like a true crypt or tcfs volume would be a better choice for a laptop as nobody can see inside the drive but the person with the key. 
> 
>> I hope someone has ideas to point me in the right direction.
> 
> The first question is: Whom do you trust?
> 
> If the server is located in a safe place (your home) and you trust
> everyone that has access to that location (your family) then there is no
> need to encrypt on the server.  Just set up a secure connection between
> the server and the client to secure the data during transmission.  VPN
> software is the way to go here

A home setup probably wouldn't need a VPN since everyone is effectively trusted, and wouldn't need encryption either. 
> .
> 
> If the server is not trustworthy then you will need do
> encryption/decryption client side only.  The server just stores the
> encrypted data it is sent.
> 
> Security is all about key management.  You need to keep the key safe and
> only on systems that are trustworthy.

I wondered how Dropbox does it, the connection is obviously encrypted but is it client side encryption or server side?.

Best,

John

More information about the Sussex mailing list