I'm a future author and have some questions


#1

So I’m working on a book series and was looking for a safe place to store my work what are the chances of it being stolen. I have some trust issues but I’ve been referred to you multiple times and I was told that you are all very open to communication.


#2

I guess that is the question you want to have answered.

In short: As long as your computer is free of malware, you don’t give your passwords away and your password has a sufficient length, pretty impossible.

With Cryptomator you create so-called vaults, secure them with a password and after the first unlock you can put your confidential files into it. From the moment files are moved into the vault they will be encrypted and also stay encrypted on the hard drive all the time.

When you unlock your vault you see a decrypted view of the encrypted files. Only when programs access the vault and read a file (for example an editor loads a text file), the content will be decrypted and stored in the application memory. So everything on your PC with access to the unlocked vault can access your confidential files. And of course everyone who has your password and the encrypted vault can also read the content.

For used algorithms and techniques, see https://cryptomator.org/security/


#3

You have to assume that attackers are economically reasonable. This holds true for both the digital and the real world. If a bank vault is known to contain $100, no sane robber would even attempt to get into it, since his expenses for planning the robbery would exceed the loot.

So the real question is: How much is access to your data worth to the adversary? So you should choose your defensive means appropriately to make it economically unfeasible to attack you.

I have done the calculations in this thread (in German):

To summarize: Cracking even a fairly good password (12 random ASCII characters) protected by our key derivation function requires either millions of years on a single machine or millions of machines if the attack shall be successful within a single year. Buying the hardware (without using it) costs you billions of dollars. But it gets worse: Running the hardware costs you even more because you need a shitload of energy exceeding what the (at the time of writing this) largest power plant can produce.


That said, you should not use a 12-character password. Better use a nonsense pass-sentence. Length is way more important than complexity!
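A worked version of the cost estimate in this post, as an added example that is not the poster's own calculation (his figures are in the German thread he refers to). The guess rate per machine, machine price, power draw and the power-plant capacity it compares against are constructed assumptions chosen for illustration; the keyspace and entropy arithmetic is standard. The last function puts the "length beats complexity" advice into numbers.

```python
import math

# Constructed assumptions for this illustration (not the poster's figures):
SECONDS_PER_YEAR = 365.25 * 24 * 3600
GUESSES_PER_SECOND_PER_MACHINE = 1e8   # assumed throughput of one node against a deliberately slow KDF
MACHINE_COST_USD = 2000.0              # assumed price of one cracking node
MACHINE_POWER_WATTS = 500.0            # assumed draw of one cracking node under load
LARGEST_POWER_PLANT_WATTS = 22.5e9     # roughly the Three Gorges nameplate capacity (assumption)

# Alphabet sizes for the password styles compared below
PRINTABLE_ASCII = 95      # random characters from the printable ASCII range
LOWERCASE = 26
DICEWARE_WORDS = 7776     # size of a standard 6^5-entry word list


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search must be prepared to try."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """log2 of the keyspace: how many bits a truly random choice gives."""
    return length * math.log2(alphabet_size)


def attack_cost(alphabet_size: int, length: int,
                guesses_per_second: float = GUESSES_PER_SECOND_PER_MACHINE) -> dict:
    """Expected cost of a brute-force search, which on average tries half the keyspace."""
    expected_guesses = keyspace(alphabet_size, length) / 2
    single_machine_years = expected_guesses / guesses_per_second / SECONDS_PER_YEAR
    # To finish within one year the work has to be spread over this many machines.
    machines_for_one_year = math.ceil(single_machine_years)
    power_watts = machines_for_one_year * MACHINE_POWER_WATTS
    return {
        "entropy_bits": entropy_bits(alphabet_size, length),
        "single_machine_years": single_machine_years,
        "machines_for_one_year": machines_for_one_year,
        "hardware_usd": machines_for_one_year * MACHINE_COST_USD,
        "power_watts": power_watts,
        "exceeds_largest_plant": power_watts > LARGEST_POWER_PLANT_WATTS,
    }


def length_vs_complexity() -> dict:
    """Entropy of the 12-char ASCII password next to longer but 'simpler' alternatives."""
    return {
        "12 random printable ASCII": entropy_bits(PRINTABLE_ASCII, 12),
        "20 random lowercase letters": entropy_bits(LOWERCASE, 20),
        "6 random diceware words": entropy_bits(DICEWARE_WORDS, 6),
    }


if __name__ == "__main__":
    for key, value in attack_cost(PRINTABLE_ASCII, 12).items():
        print(f"{key}: {value}")
    for label, bits in length_vs_complexity().items():
        print(f"{bits:6.1f} bits  {label}")
```

With these assumptions a 12-character random ASCII password (about 79 bits) costs tens of millions of machine-years, and finishing in one year needs tens of millions of nodes drawing more power than the assumed largest plant supplies. The comparison table shows why the poster recommends length: 20 random lowercase letters already carry about 94 bits, more than the 12 mixed characters, without any special symbols.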


#4

One aspect of information security is also availability. @infeo and @overheadhunter already mentioned the confidentiality and integrity aspect that Cryptomator provides, however you have to be aware that Cryptomator is not a backup solution. It’s advisable to put the vault in a cloud storage because most providers can restore older versions or deleted files. If you’re really worried about the availability of your data, make your own backups.


#5

Thank you all very much I appreciate the info. I hope all of you have a good day. Thank you very much once again.


#6

Additionally, be mindful that if you are using cloud storage your files are not encrypted in transit. Cryptomator is read only so you must download and upload unencrypted files every time you want to edit them. The only other option is to download/upload your entire vault every time you want to edit a file within your vault. Then your entire vault would be 256 AES encrypted during transit. Cryptomator is a very essential app in regards to security, but it still has some severe functionality shortcomings.


#7

That’s not true. All files are encrypted/decrypted locally and thus only encrypted files are transferred to/from the online storage.

No. This is one major benefit of Cryptomator: you do not have to transfer a complete vault, unlike, e.g., VeraCrypt. Cryptomator works as single-file encryption and only the changed files are transferred.
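The vault behaviour described in #2 (files encrypted at rest, decrypted only in memory after unlock, readable by anyone holding the password plus the encrypted files) and the per-file property this post contrasts with VeraCrypt, as an added Python example. This is not Cryptomator's code: it uses a PBKDF2 plus HMAC-SHA256 counter-mode, encrypt-then-MAC construction from the standard library as a stand-in for the product's actual KDF and cipher (those are documented at the security page linked in #2), keeps the "cloud folder" as an in-memory dict, and only obscures file names with a keyed hash; the iteration count and the sample chapter texts are constructed.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 200_000   # assumption for this example, not Cryptomator's parameter
NONCE_LEN, TAG_LEN = 16, 32


def derive_keys(password: str, salt: bytes) -> tuple:
    """Password -> master key -> separate encryption and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_file(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """nonce || ciphertext || tag; a fresh nonce per write, so each edit yields a new blob."""
    nonce = nonce or os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_file(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong password or a tampered blob is rejected, not decrypted."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered file")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Vault:
    """Per-file encrypted store. `storage` is the constructed stand-in for the synced cloud folder."""

    def __init__(self, password: str, salt: bytes = None):
        self.salt = salt or os.urandom(16)
        self.enc_key, self.mac_key = derive_keys(password, self.salt)   # keys live only in memory
        self.storage = {}   # stored name -> ciphertext blob

    def _stored_name(self, name: str) -> str:
        # Keyed hash hides the name from the provider (equal names still map to equal hashes).
        return hmac.new(self.mac_key, name.encode(), hashlib.sha256).hexdigest()[:32]

    def write(self, name: str, data: bytes) -> None:
        self.storage[self._stored_name(name)] = encrypt_file(self.enc_key, self.mac_key, data)

    def read(self, name: str) -> bytes:
        return decrypt_file(self.enc_key, self.mac_key, self.storage[self._stored_name(name)])


def changed_blobs(before: dict, after: dict) -> set:
    """Stored names a sync client would have to re-upload: only blobs whose bytes changed."""
    return {k for k in set(before) | set(after) if before.get(k) != after.get(k)}


def demo() -> dict:
    vault = Vault("nonsense pass sentence about purple teapots")
    vault.write("chapter1.txt", b"It was a dark and stormy night.")        # constructed sample
    vault.write("chapter2.txt", b"Meanwhile, in the other castle...")      # constructed sample
    snapshot = dict(vault.storage)
    vault.write("chapter2.txt", b"Meanwhile, in the other castle, nothing happened.")
    return {
        "uploads_after_edit": len(changed_blobs(snapshot, vault.storage)),
        "plaintext_on_disk": any(b"stormy" in blob for blob in vault.storage.values()),
        "chapter1": vault.read("chapter1.txt"),
    }


if __name__ == "__main__":
    print(demo())
```

Editing one chapter changes exactly one blob, which is what lets a sync client upload only that file instead of a whole container; nothing in `storage` ever contains plaintext. Whoever holds the password and the blobs can decrypt them, exactly as #2 warns, and a wrong password fails the tag check instead of producing garbage.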


#8

Below was Cryptomator’s response when I inquired. I assumed that the unencrypted files were being exported from Google’s server to my device. Is that not what happens? I tested this by removing all access to the internet and Cryptomator would not let me access my files within my unlocked vault. I just got the continuous busy indication even though it did let me unlock my vault. That led me to believe that my vault files were not being stored on my device. I don’t see how my files could still be encrypted when being exported unencrypted from my unlocked vault when my vault is stored on Google’s servers. I said as much in a reply to Markus, but he never replied so I assumed my assumption was correct.
Also, could you please consider integrating a sync feature that would 2-way real-time sync vault files with a local unencrypted folder? That way we could edit our files without exporting/importing. Additionally, we would never have to grant 3rd party access to our vaults. It seems like a simple sync feature might be a feasible simple solution to the editing issue and would leave our vaults secured. Thanks.

Hello Allen,

when exporting or sharing data from a vault with another app / to the device storage the files are no longer encrypted. This would prevent other apps from accessing the files. There is no way to, on the one hand, keep the files encrypted and, on the other hand, give other apps, which are not aware of the encryption, access to the files.

All files inside of the vault, so all files which are stored inside of the cloud, will stay encrypted though.

Regards
Markus Kreusch


#9

I think there is some misunderstanding: While @Michael talks about the Desktop application, @AJ7 refers to the Smartphone apps. For the mobile versions of Cryptomator it is true that they don’t have an “offline” feature. The files are always downloaded on the fly from the cloud provider if they are opened. Thus, if you save an open file to your (local) smartphone storage, it is stored unencrypted.