Resources

Truecrypt Dropbox alternatives

Where to start to find a Truecrypt Dropbox alternative

If you’re here, you probably know by now that Truecrypt is now defunct, and you’re likely looking for alternatives. In May 2014, the Truecrypt’s developers posted what they called a Doomsday warning, saying that Truecrypt would cease to be supported. They took the unusual step of saying that TrueCrypt is “considered harmful” and shouldn’t be used. The news left many, like you, searching for Truecrypt Dropbox alternatives.

Now is probably as good a moment as any to mention our stake in the matter. In fact, Sookasa is a Truecrypt Dropbox alternative, offering an encryption and compliance solution built by a world-class team of security experts and academics. But we’ll get to that in a bit.

What is Truecrypt?

First, a bit of backstory. Long before Truecrypt’s announcement that it was going under, users deserved alternatives, because it was never that secure to Truecrypt Dropbox. Truecrypt was initially released back in 2004, and in the intervening years it became a widely used encryption solution. Since it shut down, its legend has only grown—that it shut down so abruptly because it feared the results of an ongoing crowdfunded, crypto audit, or else that it was just falling behind. That last point is indisputable: Truecrypt never supported modern programs or full disk encryption on Linux or Mac.

Truecrypt was a personal virtual drive. It is installed on a computer and can be mapped to any folder on the computer, including Dropbox. To Truecrypt Dropbox, users had to move thier Dropbox folder to an encrypted TrueCrypt volume. The virtual drive folder interface would be password enabled, and in an important security weakness, it would show decrypted files. The encrypted content itself is included in a single file that can be placed in any folder. So the whole Truecript directory would appear in Dropbox as a single huge file! The whole Truecrypt Dropbox directory is encrypted using the same key.

With Truecrypt Dropbox, users found an absence of features rather than an abundance of them:

  • Truecrypt Dropbox sync is impaired as any change in any file will sync it all (this is how you share between devices)
  • No sharing in Truecrypt Dropbox; you can only share the whole directory if you share the credentials
  • No teams or partners concept in Truecrypt Dropbox
  • No individual or admin dashboard
  • No way to block a lost or stolen device
  • No adherence to compliance or regulation standards in Truecrypt Dropbox
  • No method to recover data from terminated employees
  • No password recovery. If you’ve lost your password, you’ve lost your files…

So, was Truecrypt secure?

Truecrypt was authored anonymously, and according to some, used stolen code. There were a number of questions about whether it’s sensible to trust anonymously developed cryptography. Cryptography is difficult stuff, and the backgrounds of the developers usually give some clue as to the strength of the project. That wasn’t the case with Truecrypt. Its code also wasn’t audited or certified, which we think is an important step for any security solution. If you have legal or compliance concerns, Truecrypt Dropbox wasn’t an option for you anyway.

The best Truecrypt Dropbox alternatives

The open-source Truecrypt Dropbox alternative:

VeraCrypt

If you’re a Truecrypt purist, then Veracrypt might be your best bet. That’s because it’s a fork of the original TrueCrypt code. It’s not much different from Truecrypt, both from a visual and security standpoint. Many of the security features that users might expect from a modern security solution, such as a centralized dashboard to a way to recover password, are still missing. And despite its shared origins, moving to VeraCrypt isn’t as simple as downloading it. VeraCrypt isn’t compatible with TrueCrypt’s volume format, which means VeraCrypt can’t open TrueCrypt Dropbox container files. You’ll still have to decrypt and then re-encrypt your Dropbox data.

A word about open source software

Many people sought out Truecrypt for Dropbox precisely because it was open source. But Truecrypt itself didn’t quite live up to that. The source code was viewable, but didn’t fully meet open source criteria because it had all sorts of distribution and copyright restrictions. In fact, the Open Source Initiative was set to reject Truecrypt’s license back in 2006, and the petition for the audit pointed out that Truecrypt used “an odd, potentially non-FOSS license.”

As for open source projects more broadly, there are many merits. But it’s important to bear in mind that transparency doesn’t mean these projects are actually more secure—or appropriately scrutinized. Many people and businesses learned that the hard way when the Heartbleed and OpenSSL vulnerabilities came to light.

But because Truecrypt touted its open source origins, many people have turned to open source alternatives for Dropbox encryption.

The built-in encryption Truecrypt Dropbox alternatives:

Microsoft has a built-in utility, BitLocker, which in fact was the very solution Truecrypt’s developer recommended. Because it’s built in, it might seem like a natural solution. It’s free if you have Windows 8 and 8.1 Pro. Mac’s built-in encryption tool is called FileVault. It uses the AES 128-bit cipher. However, these approaches only encrypt the local copy of a file. So when Dropbox syncs the file, it “reads” the decrypted version, which doesn’t leave you much protection.

The Sookasa Truecrypt Dropbox alternative:

Sookasa combines convenience and compliance. We provide end-to-end encryption to the cloud, enabling professionals to use Dropbox to store, sync, and share sensitive data while complying with regulations such as HIPAA and FERPA.

Sookasa provides a complete compliance shield around files by encrypting with bank-grade AES 256-bit encryption and using patented cloud-based key management to restrict access to authorized employees and partners.

Best of all, we do more than simply encrypt information. Sookasa features:

  • Enables HIPAA and FERPA compliant user of Dropbox
  • Centralized administrative dashboard
  • Protects files on devices
  • Maintains encryption when sharing individual files or folders
  • Customized permissions for corporate teams or sharing partners
  • One-click way to block a lost or stolen device
  • Admins can easily recover data from terminated employees
  • Simple password recovery

Interested in learning more about Sookasa as a Truecrypt Dropbox alternative? Try us out today.