Forgot your password?

I assume that my data stored online is ...

Displaying poll results.
Much less safe than that stored locally
  11443 votes / 55%
Slightly less safe than that stored locally
  3158 votes / 15%
About as safe as that stored locally
  1967 votes / 9%
Slightly safer than that stored locally
  1458 votes / 7%
Much safer than that stored locally
  1170 votes / 5%
Who cares? It's all encrypted the same way ...
  1363 votes / 6%
20559 total votes.
[ Voting Booth | Other Polls | Back Home ]
  • Don't complain about lack of options. You've got to pick a few when you do multiple choice. Those are the breaks.
  • Feel free to suggest poll ideas if you're feeling creative. I'd strongly suggest reading the past polls first.
  • This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane.
This discussion has been archived. No new comments can be posted.

I assume that my data stored online is ...

Comments Filter:
  • Define "safe" (Score:5, Interesting)

    by SirGarlon (845873) on Tuesday June 05, 2012 @12:32PM (#40221859)

    There are aspects to "safety."

    Redundancy is one aspect. I trust my data online to be adequately backed up and protected from loss in a single accident. Local data, not so much. So online data is safer from *me*.

    Privacy is another aspect. With local data, I control who sees it, end of story. Storing it with some third party -- have you actually read the "privacy" policies for Google and iCloud? I'd call them a joke, but "outrage" is a better word. So local data is safer from *them*.

    Continuity is another aspect. I'll be able to access my local data unless something happens to destroy it. With online data, I could be locked out tomorrow on whim (or by accident). It's already happened to me with Steam games. Yes, Steam did fix the problem they caused, two days later and with a lot of time on my part. I suppose they consider that "great customer service." So again, local data is safer from *them*.

    All in all, I would rather accept the risks I can control than trust a company whom I can't control.

  • by mlts (1038732) on Tuesday June 05, 2012 @01:20PM (#40222545)

    I use TrueCrypt for offsite data as well, with a couple recommendations:

    First, one of the core rules of offsite storage is that one needs to assume that if it is stored offsite, it can be read by anyone, be it someone in a foreign country, an ex who is looking to dig up some dirt, a rival in the chainsaw fencing league looking for a way to get others disqualified, or a law firm looking to start suing people en masse.

    By storing something where one has no control over the physical media, one should consider that their TC container, regardless of where it is stored, has people quietly trying to brute force the passphrase 24/7/365. This is definitely an assumption, and it might be on the border of being a tinfoil hat case. However, it can't hurt.

    To mitigate this, I recommend two things:

    First, use an encryption cascade. No, two 256 algorithms are not going to give a virtual 512 bits. Instead, it will be more like 257 bits of security. However, if one algorithm gets weakened by an attack, the other likely will still have its full 256 bits of strength.

    Second, use keyfiles. Just using a keyfile means that an attacker will be unable to brute force a passphrase, period. They will need to figure out what keyfile or keyfiles are in use, then try that in combination with a passphrase.

    If someone is concerned more about security of data than recoverability, the keyfile can reside on a USB flash drive. If recoverability is a factor, the keyfile can be stored someplace else, perhaps in a little used E-mail account on an obscure site as a uuencoded message.

    Don't just stash data in a TC container and forget about it. Security take some thought even with a top notch program like TC.

  • by CSMoran (1577071) on Tuesday June 05, 2012 @02:04PM (#40223217) Journal
    Doesn't TrueCrypt specifically warn you about the fact that storing multiple deltas progressively eats into the safety margin? My understanding was that any kind of incremental backup or delta-wise version control makes it easier to crack the encryption on the volume.

    Not that I'd expect the cloud provider to actively try and break your encryption, I'm talking more about the principle.

He's like a function -- he returns a value, in the form of his opinion. It's up to you to cast it into a void or not. -- Phil Lapsley


Forgot your password?