Boxcryptor Security

Boxcryptor is free to use with one cloud storage provider on two devices. As a single user you can boost your range of features with an upgrade. You get unlimited devices, unlimited providers and advanced security with filename encryption. An upgrade to Boxcryptor Personal gives you the freedom to profit from everything the cloud has to offer, in a secure way. Boxcryptor and Cryptomator are used primarily to ensure your data is kept safe in the cloud, no matter your cloud service providers. All these have been made possible due to their various security-related and encryption technologies. Data encryption features provided by the two encryption tools are robust.

More and more companies, self-employed and private customers are using Boxcryptor to protect sensitive data – primarily in the cloud. Boxcryptor ensures that nobody but authorized persons have access to the data. Cloud providers and their staff, as well as potential hackers are reliably excluded. The audit verified whether this protection is guaranteed.

During the audit, Kudelski was given access to the source code of Boxcryptor for Windows and to the internal documentation.

“All these components were logically correct and did not show any significant weakness under scrutiny. It is important to note that the codebase we audited was not showing any signs of malicious intent.”

The goal of the audit

The goal of the audit was to give all interested parties an indirect insight into the software so that they can be sure that no backdoors or security holes are found in the code.

Robert Freudenreich, CTO of Boxcryptor, about the benefits of an audit: “For private users, Boxcryptor is a means of digital self-defense against curious third parties, for companies and organizations a way to achieve true GDPR compliance and complete control over business data. With software that is so security relevant, it is understandable that users want to be sure that the software is flawless.”

The audit process started at the beginning of May with short communication lines to the developers and managers in the Boxcryptor team. If Kudelski had found a serious security vulnerability, they would not have held it back until the final report, but would have reported the problem immediately.

A problem rated as “medium”

The problem rated as medium is a part of the code that affects the connection to cloud providers using the WebDAV protocol. Theoretically, the operators of such cloud storage providers could have tried to inject code into Boxcryptor for Windows.

In practice, however, this code was never used by Boxcryptor, so there was no danger for Boxcryptor users at any time. In response to the audit, this redundant part of the code was removed.

Two problems classified as “low” and further observations

One problem classified as low concerns the user password: to protect users with insecure passwords, it was suggested that passwords be hashed even more frequently and that the minimum password length be increased, which we implemented immediately.

The second problem classified as low was theoretical and concerned the reading of the Boxcryptor configuration.

Security. Files encrypted with Boxcryptor are encrypted end-to-end. That means they're encrypted before leaving your machine, and don't get decrypted again until you access them. On top of that, Boxcryptor doesn't know or store your password.

Click to see full answer.

Then, how secure is Cryptomator?

Secure and TrustworthyCryptomator encrypts file contents and names using AES. Your passphrase is protected against bruteforcing attempts using scrypt. Directory structures get obfuscated. The only thing which cannot be encrypted without breaking your cloud synchronization is the modification date of your files.

Subsequently, question is, is OneDrive secure and private? By default, every file/folder you store in OneDrive is marked private by default. So the biggest element of protection for the security of your OneDrive files is the physical security of your hardware and having a robust password for your Microsoft Account along with two-factor authentication turned on.

Similarly, you may ask, is Microsoft Personal Vault Secure?

Microsoft's OneDrive cloud storage service now includes a “Personal Vault” for your sensitive files. These files are encrypted and protected with additional two-factor verification, even when they're synced to your Windows 10 PC. OneDrive's Personal Vault became available worldwide on September 30, 2019.

Which cloud is the most secure?

Here's the list of the most secure Cloud storage platforms out there:

Boxcryptor Security Audit

pCloud (Best overall security features)
Sync.com (Best privacy policy)
Tresorit (Best for setting individual user access)
SpiderOak (Largest selection of plans to choose from)
Oracle (Best for enterprises)