Cryptomator Vs VeraCrypt: which is the best to use with Syncthing?


#1

Cryptomator Vs VeraCrypt: what is the best to use with Syncthing?

I need to keep my documents encrypted.

On the forum I read about pros and cons of different encryption solutions, and, at the moment, VeraCrypt seem to be the better choice.

But I didn’t found any discussion about Cryptomator.

Someone can give me some technical opinion?

Thank a lot.


(luke) #2

Please be aware that VeraCrypt containers can not be opened on more than one computer at the same time. I think this is no issue with Cryptomator.


(Simon) #3

I don’t have any knowledge of these programs, but typically this depends a lot on your exact use case. So if you want to get a good answer, you should probably provide some more information on what systems and for what purpose you want to use these.


#4

Often the argument comes down to: How much metadata about your file are you willing to leak for convenience.

Maybe people say that Volume based are better because they don’t let the attacker know about the size of files or how many, etc… But most people out there aren’t really informed of the risks vs benefits. They just blindly follow what someone else said on a forum somewhere because it sounded smart (without really digesting the info to know if it was indeed even relevant to their situation).

If you are trying to hide a collection of illegal MP3s from the RIAA or movies from the MPAA then indeed this might be a concern. They have fingerprinting programs that can make a reasonable guess what you have encrypted in a folder just by number of files, file sizes, MAC times, etc… But if you have a collection of random docs and spreadsheets that you made (and are thus unique). Do you really care if someone knows how many files and what the file size or last mod date is? Probably not, there’s not much they can do with that data. What you care is that they can’t see the actual data… and most programs are just fine for scrambling that.


(Simon) #5

Again, just from theoretical “knowledge”: File based encryption could be beneficial in combination with Syncthing as you don’t need to hash an entire volume whenever anything changes. Though your options both are volume based, so your intention may be to sync the unencrypted files while the enc-volume is mounted, in which case this isn’t relevant at all.


#6

Thank you all for your help.

I want to protect some company files as contracts and CAD projects.

So, in this case, single file encryption can be better. But what program you suggest me to use?

Thanks again.


#7

There are some audits that proofs that VeraCrypt is safe, i would recommend VeraCrypt.


#8

Although Cryptomator is not quite as well hung as VeraCrypt/TrueCrypt, it is opensource and it did have at least one independent audit.

Has there been a security review / audit of Cryptomator?

How does Cryptomator compare to Veracrypt security-wise?

Cryptomator uses file-based encryption in it’s “vault” folder, rather than encrypting files to a single container, which in my eyes makes it more suitable to file syncing.


(Martin) #9

I’m using encfs very successfully with Syncthing, which implies that gocryptfs should also work well.