I am just setting up a second computer with Cryptomator (which, like the first PC, is set to sync THE SAME encrypted folder to the cloud for access by both computers via Google Drive).
In setting this up I noticed that Cryptomator places ‘vault.cryptomator’ and masterkey.cryptomatorxxxx.bkup style files within the folder that is being synced to Google Drive.
I am wondering - is this the most SECURE way to make use of Cryptomator and cloud-syncing?
i.e., wouldn’t it be more secure if these decryption key files could be stored OUTSIDE of the folder being synced to Google Drive?
If there is a way to do this, what is the workaround?
- Again, I have encrypted via Cryptomator an entire folder for syncing with Google Drive (which now contains my files and the decryption key files, due to the way Cryptomator stores the keys).
See here: Why is the masterkey stored in the cloud?
If you move the masterkey to somewhere else, you will be asked where it is when you open the vault.
Please keep in mind that the mobile apps need this file too, to open your vault.
Ok - thank you.
How long until AI / Brute Force attacks will become a problem for these keys, given what we know at this point in time (and given there is no lock-out feature for incorrect tries)?
More details about Cryptomator security architecture:
And as always: a strong password is the key.