InstantCryptor – file encryption for everyone
Cloud services with their ubiquitous accessibility and distribution of data provide opportunities for most comfortable data storage, yet privacy and security of the data you upload lies completely in the hands of the cloud provider. Solutions like BoxCryptor address this issue, yet installation of at least one program on your local computer is required. Depending on which computer you work on this might not only be time consuming but also impossible due to administrative restrictions.
How It Works
After the initial release we got a lot of feedback which was mostly positive, yet one thing related to security and usability was mentioned multiple times: when you download one of your encrypted files and enter the wrong password, you’d just get gibberish because the decrypter fails without the proper password, yet cannot tell you that it did. The same thing would happen if the encrypted file had been modified. After discussing multiple ways of securing authenticity and integrity of the encrypted file, we decided to modify encryption and decryption as follows: instead of encrypting just the plain text with AES256-CBC we now append the SHA256 of the whole plain text to it before encryption (which makes the encrypted file 32 bytes bigger than before). Accordingly, after downloading a file we decrypt it and check if the last 32 bytes of the decrypted message are the same as the SHA256 of the preceding bytes. If this fails (either because the encrypted message or the encrypted hash have been changed or because a wrong password was entered for decryption) the user is notified and can download the file again (with the correct password).
The changes are online, files that have been encrypted before the change can still be properly decrypted, yet we recommend reuploading for best user experience.
Do you store my Dropbox or Google password?
No, we do not transfer or store any of your data on our server. All functionality happens locally in your browser. Feel free to double check this in the source code.
Are my files transferred via your server?
No, the application runs in your browser and communicates directly with Dropbox or Google.
Receive our newsletter
- Get updates about CloudRail
- Read about new Services
- Get insights in IoT and Cloud topics