(Archived) Encrypt or Do not read quandary

[thorrrr 24]

Hi Guys

Just a quick query in relation to security and advice from yourselves i have started to encrypt some of my sensitive files.

I cannot use ordinary text messages as my files are bank statements, payslip, mortgage details etc.

I have a quandary i am currently using WInrar to encrypt into zip or rar files which works unless i need to read them on my iphone. I could use Acrobat but that costs $700 here in the UK so that is a none starter. I have a Scansnap that will add a password to pdf files if i have Acrobat so i either pay a lot of money for password on Acrobat which to be honest can be craked really easy. Or i use other options which make my iphone useless on those files.

I would like your to hear your thoughts and maybe a good debate for the podcast.

PS

I know i cannot search on them and is a kinda not within the spirit of what EN was intended , but some items need that extra layer of security for piece of mind or until security is more guaranteed.

[BurgersNFries 2,407]

I've been going as paperless as possible for the past two years. Of course, security pretty much goes along with that. My strategy is that all my sensitive documents (bank statements, bills, etc) are only stored on encrypted (Truecrypt - it's free) drives. I keep "local" (in house) backups that are also encrypted. (This is in case someone breaks into our home & removes the computer & all hard drives. Although my computer is on 24/7, chances are thieves will be in a hurry so they will simply unplug, load up & go, so the encrypted files/drives will not be accessible to them, unless they use "brute force." And since we're not filthy rich or work for the FBI & have top secret information, we're not worth the time/effort it takes for brute force.)

These documents are also off site backed up to Jungle Disk. The bucket/folder/notebook they are backed up to requires a 2nd password so even if they got into my JD account, they would need the encryption password.

In the event of a full out, total loss (IE a Hurricane Katrina on my house so my computer & all in house backups are destroyed) as long as my offsite backups at Jungle Disk/Amazon are intact, once I get a new computer, I can download those backups.

I simply don't store documents with sensitive data in EN.

I DO have several "local" EN notebooks that are not sync'd to the cloud for emails or info that is not as sensitive as a credit card statement (that has your name & account number on it) but still not something I'd want a questionable person to get their grubby hands on. Again, the data is stored on an encrypted drive.

In a nutshell, for me, if it contains sensitive info (identity theft fodder, VPN and/or logon info for work), it doesn't go into EN. I have other programs that are designed for that purpose. If it contains info that's slightly sensitive (something you'd not want a creepy weird person to get their hands on - something that wouldn't assist with identity theft, but still something you don't want someone else to know about such as semi-sensitive info that's work related), it only goes into a local notebook.

[thorrrr 24]

Hi BurgersNFries

I think i am missing something here sorry if i am . If you use Truecrypt why not use EN to store? What advantage do you get from JD over EN?

The chances of cracking Truecrypt are very small so not sure why you trust JD more than EN?? Or do you know something i don't??

[BurgersNFries 2,407]

Hi BurgersNFries

I think i am missing something here sorry if i am . If you use Truecrypt why not use EN to store? What advantage do you get from JD over EN?

The chances of cracking Truecrypt are very small so not sure why you trust JD more than EN?? Or do you know something i don't??

EN is not, nor is it intended to be a secured/encrypted backup system. Check out these threads:

viewtopic.php?f=30&t=6722&p=32513&hilit=sensitive+data#p32513

viewtopic.php?f=30&t=9561&p=37628#p37628

OTOH, JD is designed to be an encrypted backup system and (hopefully) all my important programs, documents, data files, blah, blah, blah are backed up to it nightly. If my computer dies today, I can d/l all those things & make getting up & running as stressless as possible.

If someone hacks my EN account, they have access to all my EN notes. If someone hacks my JD account, they still need to figure out my encryption code in order to view any of my sensitive files. Even JD doesn't know this code. JD warns you that if you use an encryption code, you better not forget it b/c there is no way they can retrieve it. And decryption requires that code. Again, not unbreakable for a good hacker, but probably more trouble than I am worth in time & money.

(Hope that makes more sense!)

PS - I don't worry about accessing billing statements from my iPhone b/c I figure if I need to do something like that, I shouldn't need to do it at that moment. So I can go home & access it from my desktop. OR...use LogMeIn from iPhone to connect to my desktop & access the PDF that way. (Hope that makes sense, too!)

[BurgersNFries 2,407]

I just experienced something that (hopefully) is a good example. In Evernote, I keep the login I need to go to to add addresses to my iPhone's GPS navigation system. I don't mind having that in EN b/c if someone hacks my EN account, they can't do anything with that URL b/c they would need to know my login & PIN. I do not store my login & PIN in EN but SplashID which is a password manager.