Monthly Archives: August 2014

A Question of Mine Featured on “Security Now!”

I’ve become absolutely addicted to the podcast “Security Now!”.  It’s all I’ve listened to since discovering it about a month ago, and I’m already up to around episode 70 (I drive a lot).

The podcast frequently does Q&A episodes and in one of the recent ones, a question that I wrote in was read and answered!

It was very exciting to know that the podcast’s hundreds of thousands of listeners were at one point listening to a question of mine.  It felt as if I had a small hand in helping to write the episode.  It also made the hosts Leo and Steve seem much more real to me.

The episode is “#466 – Your Questions, Steve’s Answers #193”, and they read my question at about 1:34:40 into the episode.

Below is the transcript which I acquired off of Steve’s website for that specific part of that episode.


Update:  Instead of reading the transcript, if you’d rather you can watch it from the TWiT YouTube channel.  Here is a direct link to about one second before they read my question: http://youtu.be/IjBQTaIzOkM?t=1h34m24s


LEO: That’s right at the front on TWiT.tv. Matthew Urch, writing from – I like that, Urch, U-R-C-H, writing from Toronto Ontario, wonders about cloud storage encryption. Seems to be the topic of the day. Love Security Now!, been listening since I discovered it a few weeks ago? Welcome, Matthew.

STEVE: Yeah.

LEO: My question has to do with encrypting the contents of cloud storage. I know I can simply create a TrueCrypt volume I store on the cloud, but then every time I make a change it’s a massive file that has to be re-synced. Is there a solution to ensure my data is protected on the cloud that is a little friendlier to the syncing nature of those cloud solutions? I would think file by file would be better; right? I found CryptSync, which is a Google code page, C-R-Y-P-T-S-Y-N-C, which seems like a good solution, but I lack the knowledge to vet it myself. Have you heard of it? Or is another solution out there?

STEVE: So I think I sort of stepped on this one already because I remember when I chose this, this was the reason I wanted to mention Boxcryptor, which I have, and I have been looking at. And everything about it I’m liking. They’ve got full documentation of their crypto. They lay out what they do. You can buy it. It’s completely cloud provider agnostic, so you can use it on your own systems. You can use it on your own remote storage or on cloud providers. You could encrypt folders remotely and then have other ones that are not encrypted.

So anyway, I would say to Matthew, take a look at Boxcryptor. I need to look – essentially what I’m going to do is, rather than try to talk about every remote cloud provider under the sun, and as we’ve seen there are just too many of them, I just can’t, I mean, people, ever since I mentioned I wanted to do this, it’s like, people are writing about ones I’ve never heard of. I’m less interested in the monolithic, oh, don’t worry, we’ll take care of you. I understand there’s a market for that. Jenny is using the one that is a frequent sponsor of the show, and I’m blanking on it.

LEO: Carbonite.

STEVE: Carbonite, yes. And that’s perfect for her. It provides the set-it-and-forget-it backup that she needs. But for our more techie users, who want to roll their own, what I really want to find is the right client-side tool. Oh, and the other thing about Boxcryptor is cross-platform – Windows, Mac, iOS, Android. So they’ve got all that covered. So I would say take a look at that. And I’ve not looked at CryptSync, so I can’t speak about it, but I definitely will. And we’ll end up doing a roundup of all that.

LEO: You remember – I should tell you what I use, just to throw it in. You remember Phil Zimmermann, who, I’m sorry, not Phil Zimmermann. That’s the PGP guy. Who did PKZIP?

STEVE: Phil Katz.

LEO: Kaplan, Kaplan, Katz, right.

STEVE: Katz.

LEO: His company, PKWARE, does a program called Viivo, which the idea is you continue to use Dropbox or whatever, and it’s public key file encryption, so it’s what you talked about with Pre-Internet Encryption, PIE. Right?

STEVE: PIE, right, right, PIE.

LEO: Yeah. So that would work; right? If you did it file by file before you sent it up to Dropbox?

STEVE: Yes. And they are one on my list of it done right.

LEO: I’ve used them. I’m not sure – yeah. So okay. Good. There you go.

STEVE: Yup.

LEO: I don’t know how much that costs. I can’t remember. It’s not free, though. It’s a commercial product.