LASER_oneXM

Level 34
Verified
I'm using on all my machines: pcloud.com. This provider is offering encryption for the traffic and also for your files. ...... a quote from this link (expand "View pCloud features"):

Security and Encryption
  • Secure 256-bit TLS/SSL connection
  • Client-side encryption through pCloud Crypto
  • 5 copies of files on different servers
If you buy (the cheapest) premium account (500 GB for $ 3.99) then you can also buy the encryption (extra costs: $3.99 per month)
 
  • Like
Reactions: frogboy and Wave

Overkill

Level 31
Verified
Trusted
Thanks for all the replies! I will do some research on them, but for now I'll use a combo of MEGA and HDD :)
 
  • Like
Reactions: Wave

siren05

Level 2
Thanks for all the replies! I will do some research on them, but for now I'll use a combo of MEGA and HDD :)
Im suprised you asked for a safe site and you use MEGA.NZ?

I dont even trust MEGA one bit with my sensitive information. Its hard to even know who owns this shady website and when it will be taken down. If you got personal information, i suggest you try google drive, dropbox or onedrive. There is no the safest cloud storage site i believe.

I dont think these big companies are going to care what you store in your cloud unless its a restricted content. So why worry, its cloud after all, security is not 100% percent!

Using MEGA would easily put you on the not safe list for sure compared to ones from big IT companies.
 
  • Like
Reactions: Wave and Overkill

Overkill

Level 31
Verified
Trusted
Im suprised you asked for a safe site and you use MEGA.NZ?

I dont even trust MEGA one bit with my sensitive information. Its hard to even know who owns this shady website and when it will be taken down. If you got personal information, i suggest you try google drive, dropbox or onedrive. There is no the safest cloud storage site i believe.

I dont think these big companies are going to care what you store in your cloud unless its a restricted content. So why worry, its cloud after all, security is not 100% percent!

Using MEGA would easily put you on the not safe list for sure compared to ones from big IT companies.
Well I would encrypt my stuff first and use a very complex password for the archive
 
  • Like
Reactions: Wave and siren05

Overkill

Level 31
Verified
Trusted
But still, you can never know how long that site will last. Kim already said he is working on a open source service. I suggest you go with Dropbox, Google Drive or Onedrive. But its upto you. :)
Keep in mind (i've said it in previous threads including this one) I don't trust cloud sites period, but if my family insists on using it then I'll do what I can to make it as private/secure as possible. I prefer hdd's and good ole dvd's as a backup.
 
W

Wave

But still, you can never know how long that site will last. Kim already said he is working on a open source service. I suggest you go with Dropbox, Google Drive or Onedrive. But its upto you. :)
If he uses a complex password for his archive and the cloud becomes compromised and an attacker obtains his archive, it wouldn't be worth the investment of his time to wait for a brute-force attack to become successful to crack the archive password. Even if he is dedicated for waiting, depending on how complex the password is, it could take a dozen years to crack it via brute-force attacks - also depending on his system power for the calculations of speeding through the generated password guesses and applying them to the archive.

For example if his password which had a length of 182 characters like: £&(##(7719*!((nsnsjsuw***!*!(!ham\REGIS000TRY\\MA1CHINE\\SOFT99921WAREsan#dwich&"(!!!chRunOnceeese!!(("*&^^%3338764bacon(!))##NtTermi33319981nateProcess[Proc811essHandleNtStatus]+888 - then this would take a very long time to crack compared to other standard passwords... Not just because it is long, but also due to the complexity addition (lots of usage of special characters, numbers, and also normal characters). Once the AES-256/RSA-2048 key has been generated from the password, good luck with brute-forcing the key!

Use as long and as complex as a password as you can manage. Just make sure you have a backup of the password in various places which only you can access so you can recover your files from the archive should you lose it and need to re-download it - since you'll then need the password, otherwise you'll be struggling like the attacker to brute-force into the archive yourself. :D

Anyway, chances are if an attacker found a random archive after compromising a cloud network which is heavily password-protected (they wouldn't even know how complex the password is, they'd have to take the risk of wasting their time if they can be bothered), he would most likely give up with any brute-force attacks after realising that the password is complicated due to the archive not becoming brute-forced within a day of his system running a brute-force software for archive passwords.

However it won't be the actual password which someone will try to brute-force in most cases, but the actual private key. If the password is long and complex then they won't be able to just brute-force the short password, they'll need to brute-force the key. Which is the main problem.

Think about it carefully... If brute-force was as quick and easy as it may seem, then how come top government agencies have extreme difficulty with it? There's a reason why companies use algorithms like AES-256 and RSA-2048 for the private keys...

Do the math. ;)

Check this for more info: Time and energy required to brute-force a AES-256 encryption key. • /r/theydidthemath
 
W

Wave

Keep in mind (i've said it in previous threads including this one) I don't trust cloud sites period, but if my family insists on using it then I'll do what I can to make it as private/secure as possible. I prefer hdd's and good ole dvd's as a backup.
I agree. Backing up to your own external HDDs/DVDs is much more secure also, since an attacker would have to steal the physical component from you directly as opposed to be able to work remotely to steal the documents. :)
 

siren05

Level 2
If he uses a complex password for his archive and the cloud becomes compromised and an attacker obtains his archive, it wouldn't be worth the investment of his time to wait for a brute-force attack to become successful to crack the archive password. Even if he is dedicated for waiting, depending on how complex the password is, it could take a dozen years to crack it via brute-force attacks - also depending on his system power for the calculations of speeding through the generated password guesses and applying them to the archive.

For example if his password which had a length of 182 characters like: £&(##(7719*!((nsnsjsuw***!*!(!ham\REGIS000TRY\\MA1CHINE\\SOFT99921WAREsan#dwich&"(!!!chRunOnceeese!!(("*&^^%3338764bacon(!))##NtTermi33319981nateProcess[Proc811essHandleNtStatus]+888 - then this would take a very long time to crack compared to other standard passwords... Not just because it is long, but also due to the complexity addition (lots of usage of special characters, numbers, and also normal characters). Once the AES-256/RSA-2048 key has been generated from the password, good luck with brute-forcing the key!

Use as long and as complex as a password as you can manage. Just make sure you have a backup of the password in various places which only you can access so you can recover your files from the archive should you lose it and need to re-download it - since you'll then need the password, otherwise you'll be struggling like the attacker to brute-force into the archive yourself. :D

Anyway, chances are if an attacker found a random archive after compromising a cloud network which is heavily password-protected (they wouldn't even know how complex the password is, they'd have to take the risk of wasting their time if they can be bothered), he would most likely give up with any brute-force attacks after realising that the password is complicated due to the archive not becoming brute-forced within a day of his system running a brute-force software for archive passwords.

However it won't be the actual password which someone will try to brute-force in most cases, but the actual private key. If the password is long and complex then they won't be able to just brute-force the short password, they'll need to brute-force the key. Which is the main problem.

Think about it carefully... If brute-force was as quick and easy as it may seem, then how come top government agencies have extreme difficulty with it? There's a reason why companies use algorithms like AES-256 and RSA-2048 for the private keys...

Do the math. ;)

Check this for more info: Time and energy required to brute-force a AES-256 encryption key. • /r/theydidthemath

I agree even my gmail passwords are 100 chars long, i dont remember any of them thanks to lastpass.

But im talking about the files. If he doesnt have a backup anywhere or his local backup gets destroyed and its his only choice. It will be gone with the site forever.
 
  • Like
Reactions: Wave
H

hjlbx

Most family members are not IT\security geeks. They want easy-to-use and fast.

Seems like all they want to do is upload pictures and share with others.

Don't overly complicate it by making a procedure that would be appropriate for saving and uploading nuclear launch keys or designs of the next-gen stealth fighters...

I would make protection against loss the number one objective; whatever built-in cloud protection against hacking and unauthorized access is sufficient.

Your typical hacker doesn't go after family\personal photos - well - unless they are the really , really "juicy" kind that they could use to blackmail you - but what is the likelihood of that ?
 

siren05

Level 2
Keep in mind (i've said it in previous threads including this one) I don't trust cloud sites period, but if my family insists on using it then I'll do what I can to make it as private/secure as possible. I prefer hdd's and good ole dvd's as a backup.
In that case, i suggest Google Photos. Their app is excellent in mobile devices and great in web.

No offence, but trust me. These big companies or governments are not interested in average person data.

Try google photos, you wont be disappointed.
 

Dirk41

Level 17
Verified
In that case, i suggest Google Photos. Their app is excellent in mobile devices and great in web.

No offence, but trust me. These big companies or governments are not interested in average person data.

Try google photos, you wont be disappointed.

Oh! Very good . Finally someone followed my suggestion since post 1 ( or 2 or 3);):p

Anyway I save them on HDs too.


But if you don't mind to pay , stay with iCloud or similar ( without particular encryption processes before upload ) that allow you to easy show and organise photos and give you support in case of some bugs . Maybe you can even sue them if a bug cause the loss of you photos .

But I never had problem with Google .
 
Last edited:
  • Like
Reactions: siren05 and Wave

Overkill

Level 31
Verified
Trusted
Most family members are not IT\security geeks. They want easy-to-use and fast.

Seems like all they want to do is upload pictures and share with others.

Don't overly complicate it by making a procedure that would be appropriate for saving and uploading nuclear launch keys or designs of the next-gen stealth fighters...

I would make protection against loss the number one objective; whatever built-in cloud protection against hacking and unauthorized access is sufficient.

Your typical hacker doesn't go after family\personal photos - well - unless they are the really , really "juicy" kind that they could use to blackmail you - but what is the likelihood of that ?
Just normal family pics and vids no adult stuff ever :D BTW have you found an avatar your happy with yet? :p
 
  • Like
Reactions: Wave

NekoHr

Level 3
One more vote for Google photos as photos backup.

But I have some others too: SpiderOak for file sync between computers and previous version backup, Dropbox for small non important stuff, Mega for large non important stuff.