On 2016-06-19 04:38, Alistair Hutten wrote:
> Good evening, Alistair here from Australia,
>
> I'm after some help / recommendation to follow best practices
> (isolation between my different domains)
>
> My Current practice;
>
> - have encrypted vaults (cryptomator <https://cryptomator.org/>)
>   one for personal, and one for work/business,
> - underlying encrypted files stored within Dropbox
>
> I do it this way because data is encrypted at rest, and more
> importantly before Dropbox sees them,

Careful:

 * Certain kinds of encryption are easier to break if the attacker has
   repeated access to a changing ciphertext.
 * If you're not using authenticated encryption, then you're trusting
   Dropbox to maintain ciphertext integrity.

> can sync between different devices, when computer dies within an
> hour have all my documents on new computer again. although it feels
> like it, I'm aware there isn't any isolation between those vaults
> when they are both open, which I know Qubes will fix that.
>
>
> My Aim;
>
> Certain domains i.e. personal, & work, to have documents sync'd
> offsite as I'm currently doing, still keeping isolation between
> them all and having all data encrypted at transmission & rest.
>
> Concern / Questions; (ways I can think of, however open to
> recommendations / suggestions)
>
> 1. Cryptomator & Dropbox within each domain. - that seems wasteful
> having all files sync within each domain.

Yes.

> - doesn't that also break the isolation?

Yes (arguably at least partially, depending on whether you, e.g., open
the same files in both domains).

> 2. Dropbox domain which someone shares files across then local
> domain just runs the Cryptomator? - is that even do-able?

Yes, but it might be a hassle (or you might have to write your own
qrexec tools to make it not-a-hassle).

> - am I breaking isolation by sharing files?

Depends on your habits and workflow. Opening the same files in multiple
domains can break isolation in this way.

> 3. sync'd files domain, which has both Dropbox & Cryptomator which
> the vault is shared personal to personal-vm, and business to
> business-vm, etc. - again is that even doable - and again is that
> breaking isolation as well?
>

Sorry, I don't understand this scenario. Please try explaining it more
clearly.

>
> really looking forward to anyone's help on the matter.
>
> regards and thank you in advance.
>
>
> p.s. I'm new / green as, starting to migrate away from Windows 10,
> (I know terrible) just awaiting a USB WiFi I've ordered which I
> believe will make my laptop compatible so I can jump ship.
>
>

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
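
The second caveat in the reply above (without authenticated encryption, the storage provider is trusted for ciphertext integrity), shown as an added example that is not part of the original message or of any tool named in the thread. The stream cipher is a toy built from HMAC-SHA256 in counter mode, and the sample document, keys and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Toy stream cipher (assumption of this example, not a real tool's format):
# HMAC-SHA256 in counter mode. Use a vetted AEAD mode in practice.
def keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_plain(enc_key, plaintext):  # unauthenticated: nonce || ciphertext
    nonce = os.urandom(16)
    return nonce + xor(plaintext, keystream(enc_key, nonce, len(plaintext)))

def decrypt_plain(enc_key, blob):
    nonce, ct = blob[:16], blob[16:]
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def encrypt_auth(enc_key, mac_key, plaintext):  # encrypt-then-MAC: body || tag
    body = encrypt_plain(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt_auth(enc_key, mac_key, blob):
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("ciphertext was modified in storage")
    return decrypt_plain(enc_key, body)

def modified_in_storage(blob, offset, delta):
    # Models stored bytes changing at the provider; no key is involved.
    pad = bytes(offset) + delta + bytes(len(blob) - offset - len(delta))
    return xor(blob, pad)

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    doc = b"pay 100 AUD"  # constructed sample document
    offset, delta = 16 + 4, xor(b"100", b"900")  # skip nonce and "pay "
    silent = decrypt_plain(enc_key, modified_in_storage(encrypt_plain(enc_key, doc), offset, delta))
    tampered = modified_in_storage(encrypt_auth(enc_key, mac_key, doc), offset, delta)
    try:
        decrypt_auth(enc_key, mac_key, tampered)
    except ValueError:
        return silent, True   # the authenticated format rejects the blob
    return silent, False
```

`demo()` returns the silently altered plaintext from the unauthenticated format together with a flag showing that the authenticated format refused the same modification.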