Latest posts by Michael Pietroforte (see all)
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
- PowerShell remoting with SSH public key authentication - Thu, May 3 2018
TrueCrypt audit ^
Before we have a look at EDS, let me say a few words about my recent blog post about the trustworthiness of TrueCrypt. The Open Crypto Audit Project (OCAP) has since audited TrueCrypt. The audit didn’t discover any (obvious) backdoors, but it found 11 security-related flaws. The crypto experts judged that the flaws are not immediately exploitable. Considering that crypto legends such as Bruce Schneier are behind OCAP, I’d say that this increased the trustworthiness of TrueCrypt significantly.
However, such audits can’t really prove that software contains hidden backdoors—that is, backdoors that are disguised as flaws. If it were possible to find all flaws with an audit, then we would never have to install security updates again. The main reason why many have doubts about TrueCrypt is because it is not clear who is really behind the project. Having said that, I continue to use TrueCrypt because I think it is secure enough for my purpose. You have to decide for yourself if it is secure enough for you, too.
This also applies to EDS. The source code of EDS Lite can be downloaded. So feel free to do your own audit. EDS Lite was downloaded more than 50,000 times, and EDS was downloaded 5,000 times. Both tools have a rating of 4.5 stars, which is not too bad.
TrueCrypt with Dropbox ^
I have been using EDS Lite for some time, and I found the app to be reliable and easy to use. The main reason I recently switched to the full version was the Dropbox support. I mostly use TrueCrypt under Windows, but occasionally I want to access encrypted files on my phone. Copying files through USB or my phone’s WiFi sync software is not an option for me—too cumbersome.
Dropbox and TrueCrypt play nicely together under Windows because, when you modify a file in the container, only changed blocks—and not the entire TrueCrypt file—are synced. Unfortunately, this doesn’t work on Android. Even if you only change a few bytes in a container, the entire TrueCrypt file has to be downloaded to your Android device.
The full version of EDS doesn’t change that. However, compared to EDS Lite, you have a few features that make this downside of Android less painful. First of all, let me mention that you can also use EDS Lite together with Dropbox, even though the free version has no built-in Dropbox support. However, you can just open a TrueCrypt container through the Dropbox app. If the file extension is .tc, Android will allow you to open the file with EDS Lite. You can even make changes to files. Once you close the container in EDS Lite (long tap), Dropbox will upload the entire TrueCrypt file to the cloud.
One downside of this method is that you always have to download the latest version of the TrueCrypt file manually to your phone because Dropbox for Android doesn’t automatically sync all files. You can, of course, use Dropsync to autosync Dropbox files on Android. However, you still have to open the file through the Dropbox app to open the container in EDS Lite.
With EDS (full version), you can add TrueCrypt containers in a special Dropbox folder directly from the app. You can also add shortcuts to folders or files within the TrueCrypt container to your home screen. EDS will sync the container with Dropbox whenever you close the container. It also syncs the TrueCrypt containers you added to EDS every hour, and you can configure to sync only when WiFi is available.
The Dropbox integration is nice, but it is perhaps not a must-have feature if you only open TrueCrypt containers every now and then. However, the full version of EDS has quite a few additional features that might make the purchase worthwhile.
EDS Lite vs. EDS ^
EDS Lite only supports the crypto algorithms AES, Serpent, and Twofish, whereas EDS knows the same crypto algorithms as TrueCrypt. If you used an unsupported algorithm to encrypt your files with TrueCrypt, EDS Lite won’t be able to decrypt the container, and you will receive the error message “Wrong password or unsupported container format.”
Perhaps the most important additional feature of the full version is the support for key files. Working with key files makes a lot of sense, particularly if you store security-sensitive files in the cloud. Of course, you shouldn’t store the key file in the cloud, and you have to manually copy it to all the devices where you want to decrypt TrueCrypt files.
Other nice features of the full version are the support of hidden TrueCrypt containers and the search feature. If you rooted your Android device, you can directly access network shares (SMB) from the app and mount TrueCrypt containers in the Android file system. For more additional features of the full version, check out the description in Google Play and also have look at the documentation.
EDS is a nice app. However, it is not the perfect solution for syncing encrypted files with the cloud. If you have large TrueCrypt files, you won’t be happy with the app. The EDS folder that displays your TrueCrypt containers from Dropbox doesn’t show the sync status. Thus, it can sometimes happen that you receive the message “This container is being synchronized” when you try to open a container. To display the sync status of the container, you have to view the container properties (long tap), which is not very user friendly. Nevertheless, EDS plus TrueCrypt plus Dropbox is the best solution I found so far to store my encrypted files in the cloud.
Are you using a better solution? Perhaps with other cloud drives like Microsoft’s OneDrive or Google Drive?