The Best Alternative to Encrypt Your Sensitive Data in the Cloud: Boxcryptor vs. Cryptomator

Boxcryptor and the alternative Cryptomator serve the same purpose: to secure your privacy while conveniently storing data in the cloud. What exactly is the difference between them? And which suits your needs better? Find out here.

Cryptomator is constantly analysed by experts using modern tools.

You want your sensitive data to be secure in the cloud. But so far, no encryption solution has been able to convince you?

Maybe you are looking for a free alternative to Boxcryptor, maybe you are missing relevant features in Boxcryptor, or maybe independence and freedom through free software is important to you.

Whatever it is – you will find answers to your questions here.

In this article, we introduce you to Cryptomator, an alternative to Boxcryptor, and explain the similarities and differences.

We compare the following criteria in this article:

  • “Visible” features
  • “Invisible” features or security-relevant criteria

A Word in Advance

As you have probably already noticed, this is written by the developers of Cryptomator. Perhaps you are wondering how neutral a comparison with Boxcryptor can be. A fair question.

Our goal is not to convince you that Cryptomator is the best alternative to Boxcryptor the world has ever seen. It is important to us that you can make up your own mind, which is why we will also explain when Boxcryptor is the better alternative for you.

About Cryptomator

We developed Cryptomator because we were not convinced by existing encryption software and wanted an alternative to Boxcryptor.

The crux with other cloud encryption providers was:

  • Either they were easy-to-use, but, for example with Boxcryptor, they were so-called “closed-source software” …
  • … or they pursued an open-source approach, but did not convince us in terms of user-friendliness.

If you’re wondering what “open source” and “closed source” are all about, don’t worry: We’ll explain what they mean and why closed-source software can be a disadvantage.

(To say it right up front: Closed source does not mean that it is bad per se. But in the context of data encryption, you should not underestimate the issue of transparency – which closed-source software does not offer).

The Big Difference: Cryptomator Is an Open-Source Software and Therefore More Transparent

The security-conscious customer opts for products whose composition and quality he can check. Non-verifiable alternatives seem shady.

And this brings us to the big difference between Cryptomator and Boxcryptor: Cryptomator is open-source software, Boxcryptor is closed-sourced software.

With open-source software, many eyes have a scrutinizing look at the heart of the encryption software, i.e. the source code. So they can look to see if the source code actually does what the encryption algorithm says it does. And that is exactly what makes the encryption even more secure.

The security of the algorithm is thus not only checked by official audits, but also by a broad community that quickly uncovers vulnerabilities. The verification of the code is not limited by time or personnel resources or agreements.

Additionally, the code is completely accessible. No chance to have only a part of the code audited for marketing purposes or to hide security vulnerabilities.

So you don’t see the strengths of open-source encryption software at first glance. The advantages lie in security-relevant criteria in the background.

Continue reading here if you want to learn more about data security and open-source software:

Encrypt your data securely in the cloud: How you can further increase your data security through open source.

Comparison of Boxcryptor and Cryptomator Features

While Cryptomator concentrates on its core task (encryption of cloud storage), Boxcryptor scores points when it comes to integration with other services from Secomba.

General Features

Let’s now compare the visible features. The following table shows you the similarities and differences between the two encryption software solutions:

Unlimited number of devices
in Boxcryptor with costs
No account needed
Opt-in for local account; default settings store your key on Boxcryptor server
Direct file sharing ("integrated sharing")
Restore password without email address ("offline key recovery")
Your data is not stored in mails with an email account provider, which further increases security.
Detection of sync conflicts while editing by several people
Support for all common operating systems
Windows, macOS, Linux, Android, iOS

Windows, macOS, Android, iOS

no Linux

Security-Relevant Features

As already described at the beginning, the big difference between Boxcryptor and Cryptomator is invisible, because you do not see the open-source and security-relevant features in everyday life.

Let’s now take a look at these features. For this we compare the features again as a table:

File Content Encryption

What does that mean?

No one can read the file content without authorization.

Why is this important for data security?

This is the basic requirement for taking your right to privacy into your own hands.

File Name Encryption
in Boxcryptor with costs and optional

What does that mean?

No one can recognize the file name without authorization.

Why is this important for data security?

Metadata like the file name reveal more about you than you think. File extensions can be used to create a profile of the data you use. In the worst case, even if the file content is encrypted, the name "Human Rights Violations Report.docx" could get you into trouble at the wrong airport.

File Attribute Encryption
planned

What does that mean?

No one gets access to additional file attributes.

Why is this important for data security?

Some third-party software may store metadata about your file in its file attributes. If these are not encrypted, anyone can read them and even manipulate them to force your operating system to behave in certain ways.

Free & Open-Source Software (FOSS)

What does that mean?

The source code is accessible to a broad community, which increases the security of the encryption.

Why is this important for data security?

The security of a system must depend solely on the key and must not be based on the secrecy of the algorithms. Since the encryption algorithm is controlled and discussed by a broad community, vulnerabilities or errors in the code are quickly detected.

Directory Obfuscation

What does that mean?

The encrypted directory structure does not correspond to the actual or unencrypted directory structure.

Why is this important for data security?

When saving, some applications create several files that are stored in certain structures. If these structures are still recognizable in the encrypted state, an attacker can draw conclusions about the type of data despite encryption.

Integrity Protection

What does that mean?

Since encryption does not immediately protect against manipulation of the data, unauthorized modification of the data must be detected.

Why is this important for data security?

To protect yourself from a variety of sophisticated attacks, the integrity of your encrypted data must be verified before you decrypt it. If this does not happen, it is conceivable that manipulated data could be injected, which you could then open unnoticed. (In the worst case, this can even be used by attackers to crack the encryption.)

Quantum-Resistant Cryptography

What does that mean?

The encryption algorithms used are still secure even if the attacker has quantum computers.

Why is this important for data security?

Some encryption methods are based on mathematical problems that are normally difficult to calculate. For quantum computers, however, they are much less complex. If an attacker has access to a corresponding quantum computer, the encryption of your data is de facto ineffective.

Audited Cryptography

What does that mean

The encryption code is examined by independent experts.

Why is this important for data security?

Audits focusing on cryptographically relevant code can be an important element of quality control, provided the auditor has enough time and does not just get a cursory overview.

Memory-Hard KDF

What does that mean?

The key derivation function (KDF) is used to derive the cryptographic key from the password you enter. This function must be as complex as possible to prevent bruteforce attacks (randomly trying out combinations of characters).

Why is this important for data security?

To derive your key from your password, a computer needs 200ms. That sounds short, but it quickly adds up to astronomically high times if an attacker has to try all conceivable passwords. Attackers could, however, use special hardware (so-called ASICs) to try hundreds of thousands of possibilities simultaneously.

To prevent this, KDFs are used that are memory-intensive ("memory-hard"), i.e. they require a particularly large amount of memory. This makes an attack disproportionately costly and thus unattractive for the attacker.

Sharing Without Disclosing Passwords

What does that mean?

Ideal for team use of the cloud storage: Each team member can use an individual password – yet you still have access to the encrypted data.

Why is this important for data security?

Individual passwords in larger teams increase security. On the one hand, because sharing a password poses a risk depending on the communication channel. On the other hand, because passwords that are shared are often weaker (because easier to remember).

Conclusion: When Boxcryptor or Cryptomator Is the Right Alternative for You

Now you know the differences between Boxcryptor and its alternative Cryptomator. Draw your own conclusions:

Check whether the advantages of open-source software and thus the security-relevant criteria are important to you. If you like the approach of Cryptomator, it could be the more suitable alternative for you.

Perhaps the features provided by Boxcryptor are sufficient for you? Then you can decide according to your personal preference.

Would you like to test Cryptomator as an alternative to Boxcryptor?

Cryptomator secures your personal files in the cloud and can be used without an account. Cryptomator Hub manages team access and is ideal for teams and organizations.

Get Started With Cryptomator