Encryption with SecurStick

SECURITY NOTE REGARDING SECURSTICK: As of this edit (14 June 2010) the author has decided against releasing full source code for this application. The presence of undocumented commands and options has been confirmed. Given the closed-source nature of the application, there may be other undocumented features that would result in insecure encryption or other unanticipated operation. The reader is encouraged to evaluate whether this information is significant for the proposed use.

Other encryption solutions

There are several good solutions available for encryption, for example FreeOTFE, TrueCrypt or EncFS. TrueCrypt and EncFS require administrator rights on the computer for installation, while FreeOTFE (and FreeOTFE Explorer) have no such restriction.

  • FreeOTFE uses an encrypted container file or partition/volume, which has the advantage that it is not obvious whether there are any files in the container at all, i.e. it conceals all file properties. FreeOTFE is available for MS Windows and Windows Mobile.
  • TrueCrypt, like FreeOTFE, uses an encrypted container file or partition/volume. The disadvantage is that the container occupies all of its initial disk space all the time and does not grow or shrink as files are added or deleted. TrueCrypt is available for Windows, Mac OS X and Linux.
  • EncFS runs on Linux and Mac OS X using (Mac)FUSE. It integrates into the system and encrypts each file on its own. The advantage is that an encrypted file only needs as much disk space as the unencrypted file would; the disadvantage is that somebody could see that there is a certain encrypted file with a certain size.

SecurStick

Needs further development: an explicit example showing its application to Dropbox security would be of tremendous help. Note: use of SecurStick does not add WebDAV file management functionality to Dropbox.

SecurStick is another program that encrypts file-by-file. It was written for the German IT magazine c't as a solution for encrypting files on USB drives without requiring installation or admin rights, i.e. it can be run on other computers. SecurStick is a small WebDAV server that runs locally and encrypts files on the fly; the files are accessed through the operating system's WebDAV implementation.

When SecurStick is run for the first time it asks for a password of at least 5 characters, containing at least one character each from upper/lower case letters, numbers and special characters. Files are encrypted when they are written to, and decrypted when they are read from, the operating system's WebDAV mount, for example something like webdav://127.0.0.1:2000/X. The encrypted files are saved into a folder ‘X’ that is created at SecurStick's current path. For different encrypted paths, create a new folder and copy SecurStick into it.

SecurStick is available for MS Windows XP/Vista/7, Mac OS X and Linux.

Windows currently limits the size of files served from WebDAV servers to about 47MB. Larger files are treated as a denial-of-service attack. The file size limit can be changed by increasing the parameter FileSizeLimitInBytes in the Windows registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters.

Note: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Use the Registry Editor at your own risk.

To use with Dropbox, simply move the SecurStick executable to a Dropbox folder. The encrypted files will be stored in a newly-created “encrfiles” directory in the same directory as the executable. To encrypt files, simply copy them to the (newly-mounted) WebDAV folder. They will then be written to the encrfiles directory and synched via Dropbox.

Note: Copying files directly into the “encrfiles” directory will NOT encrypt them. You must copy them to the WebDAV folder that is mounted when SecurStick is loaded.
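
One way to catch the mistake described in the note above is to scan the encrypted-files folder for anything that still looks like plaintext before it is synced. This is an added example, not part of SecurStick or of the original page; it assumes that properly encrypted files are statistically indistinguishable from random bytes, and the thresholds and signature list are illustrative choices.

```python
import math
import os
import tempfile
from collections import Counter

# Assumption (not from SecurStick's documentation): encrypted files look like
# random bytes, so a file signature, plain text or low entropy means plaintext.
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip/office", b"\xff\xd8\xff": "jpeg"}
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
ENTROPY_THRESHOLD = 7.0  # bits per byte; heuristic cut-off, tune as needed

def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the sample in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_unencrypted(data: bytes):
    """Return a reason string if the sample looks like plaintext, else None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return f"known {kind} signature"
    # Short samples give unreliable statistics, so each test has a minimum size.
    if len(data) >= 32 and sum(b in TEXT_BYTES for b in data) / len(data) > 0.95:
        return "mostly printable text"
    if len(data) >= 4096 and shannon_entropy(data) < ENTROPY_THRESHOLD:
        return "low entropy"
    return None

def scan(folder: str) -> dict:
    """Map relative path -> reason for each suspicious file under folder."""
    findings = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as handle:
                reason = looks_unencrypted(handle.read(65536))
            if reason:
                findings[os.path.relpath(path, folder)] = reason
    return findings

if __name__ == "__main__":  # demo on a constructed folder; random bytes mimic ciphertext
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"a.bin": os.urandom(8192), "notes.txt": b"meeting notes\n" * 50}
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as out:
                out.write(body)
        print(scan(tmp))  # reports notes.txt only
```

A hit is a prompt to re-copy the file through the WebDAV mount, not proof of a leak; compressed formats without a listed signature also have high entropy and will pass unnoticed.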