On 2016-06-19 04:38, Alistair Hutten wrote:
> Good evening, Alistair here from Australia,
>
> I'm after some help / recommendation to follow best practices
> (isolation between my different domains)
>
> My Current practice;
>
> - have encrypted vaults (cryptomator <https://cryptomator.org/>)
> one for personal, and one for work/business, - underlying encrypted
> files stored within Dropbox
>
> I do it this way because data is encrypted at rest, and more
> importantly before Dropbox sees them,
Careful:
* Certain kinds of encryption are easier to break if the attacker has
repeated access to a changing ciphertext.
* If you're not using authenticated encryption, then you're trusting
Dropbox to maintain ciphertext integrity.
> can sync between different devices, when computer dies within an
> hour have all my documents on new computer again. Although it feels
> like it, I'm aware there isn't any isolation between those vaults
> when they are both open, which I know Qubes will fix.
>
>
> My Aim;
>
> Certain domains i.e. personal, & work, to have documents sync'd
> offsite as I'm currently doing, still keeping isolation between
> them all and having all data encrypted at transmission & rest.
>
> Concern / Questions; (ways I can think of, however open to
> recommendations / suggestions)
>
> 1. Cryptomator & Dropbox within each domain. - that seems wasteful
> having all files sync within each domain.
Yes.
> - doesn't that also break the isolation?
Yes (arguably at least partially, depending on whether you, e.g., open
the same files in both domains).
> 2. Dropbox domain which someone shares files across then local
> domain just runs the Cryptomator? - is that even do-able?
Yes, but it might be a hassle (or you might have to write your own
qrexec tools to make it not-a-hassle).
> - am I breaking isolation by sharing files?
Depends on your habits and workflow. Opening the same files in
multiple domains can break isolation in this way.
> 3. sync'd files domain, which has both Dropbox & Cryptomator which
> the vault is shared personal to personal-vm, and business to
> business-vm, etc. - again is that even doable - and again is that
> breaking isolation as well?
>
Sorry, I don't understand this scenario. Please try explaining it more
clearly.
>
> Really looking forward to anyone's help on the matter.
>
> Regards and thank you in advance.
>
>
> P.S. I'm new / green as, starting to migrate away from Windows 10,
> (I know, terrible) just awaiting a USB WiFi I've ordered which I
> believe will make my laptop compatible so I can jump ship.
>
>
--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
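
The reply's point about authenticated encryption, as an added example that is not part of the original message and not any tool's actual code: with a toy SHA-256 keystream (an assumption standing in for a real cipher), a one-bit change made while the file sits in storage decrypts without error, while the encrypt-then-MAC variant rejects it. All function names and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key, nonce, length):
    # Toy SHA-256 counter keystream, assumed here in place of a real cipher.
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_plain(key, plaintext):
    nonce = os.urandom(NONCE_LEN)  # unauthenticated layout: nonce || ciphertext
    return nonce + _xor(plaintext, _keystream(key, nonce, len(plaintext)))

def decrypt_plain(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor(ct, _keystream(key, nonce, len(ct)))

def encrypt_auth(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC layout: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)
    body = encrypt_plain(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt_auth(enc_key, mac_key, blob):
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("ciphertext integrity check failed")
    return decrypt_plain(enc_key, body)

def flip_bit(blob, plaintext_index):
    # Model one ciphertext bit changing while the file is held by the storage service.
    changed = bytearray(blob)
    changed[NONCE_LEN + plaintext_index] ^= 0x01
    return bytes(changed)

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    record = b"amount=100"  # constructed sample plaintext
    silent = decrypt_plain(enc_key, flip_bit(encrypt_plain(enc_key, record), 7))
    try:
        decrypt_auth(enc_key, mac_key, flip_bit(encrypt_auth(enc_key, mac_key, record), 7))
    except ValueError:
        return silent, True   # tampering detected by the MAC check
    return silent, False
```

`demo()` returns the silently altered plaintext from the unauthenticated path and whether the authenticated path detected the change.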