The Best Alternative to Encrypt Your Sensitive Data in the Cloud: Boxcryptor vs. Cryptomator
Boxcryptor and the alternative Cryptomator serve the same purpose: to secure your privacy while conveniently storing data in the cloud. What exactly is the difference between them? And which suits your needs better? Find out here.
You want your sensitive data to be secure in the cloud. But so far, no encryption solution has been able to convince you?
Maybe you are looking for a free alternative to Boxcryptor, maybe you are missing relevant features in Boxcryptor, or maybe independence and freedom through free software is important to you.
Whatever it is – you will find answers to your questions here.
In this article, we introduce you to Cryptomator, an alternative to Boxcryptor, and explain the similarities and differences.
We compare the following criteria in this article:
- “Visible” features
- “Invisible” features or security-relevant criteria
A Word in Advance
As you have probably already noticed, this is written by the developers of Cryptomator. Perhaps you are wondering how neutral a comparison with Boxcryptor can be. A fair question.
Our goal is not to convince you that Cryptomator is the best alternative to Boxcryptor the world has ever seen. It is important to us that you can make up your own mind, which is why we will also explain when Boxcryptor is the better alternative for you.
About Cryptomator
We developed Cryptomator because we were not convinced by existing encryption software and wanted an alternative to Boxcryptor.
The crux with other cloud encryption providers was:
- Either they were easy to use but, as in the case of Boxcryptor, were so-called “closed-source software” …
- … or they pursued an open-source approach, but did not convince us in terms of user-friendliness.
If you’re wondering what “open source” and “closed source” are all about, don’t worry: We’ll explain what they mean and why closed-source software can be a disadvantage.
(To say it right up front: Closed source does not mean that it is bad per se. But in the context of data encryption, you should not underestimate the issue of transparency – which closed-source software does not offer).
The Big Difference: Cryptomator Is an Open-Source Software and Therefore More Transparent
And this brings us to the big difference between Cryptomator and Boxcryptor: Cryptomator is open-source software, Boxcryptor is closed-source software.
With open-source software, many eyes scrutinize the heart of the encryption software, i.e. the source code. They can check whether the source code actually does what the encryption algorithm says it does. And that is exactly what makes the encryption even more secure.
The security of the algorithm is thus not only checked by official audits, but also by a broad community that quickly uncovers vulnerabilities. The verification of the code is not limited by time or personnel resources or agreements.
Additionally, the code is completely accessible. There is no way to have only a part of the code audited for marketing purposes or to hide security vulnerabilities.
So you don’t see the strengths of open-source encryption software at first glance. The advantages lie in security-relevant criteria in the background.
Comparison of Boxcryptor and Cryptomator Features
While Cryptomator concentrates on its core task (encryption of cloud storage), Boxcryptor scores points when it comes to integration with other services from Secomba.
General Features
Let’s now compare the visible features. The following table shows you the similarities and differences between the two encryption software solutions:
Feature | Cryptomator | Boxcryptor |
---|---|---|
Unlimited number of devices (in Boxcryptor with costs) | | |
No account needed (Opt-in for local account; default settings store your key on Boxcryptor server) | | |
Direct file sharing ("integrated sharing") | | |
Restore password without email address ("offline key recovery"). Your data is not stored in mails with an email account provider, which further increases security. | | |
Detection of sync conflicts while editing by several people | | |
Support for all common operating systems | Windows, macOS, Linux, Android, iOS | Windows, macOS, Android, iOS (no Linux) |
Security-Relevant Features
As already described at the beginning, the big difference between Boxcryptor and Cryptomator is invisible, because you do not see the open-source and security-relevant features in everyday life.
Let’s now take a look at these features. For this we compare the features again as a table:
Feature | Cryptomator | Boxcryptor |
---|---|---|
File Content Encryption | | |
What does that mean? No one can read the file content without authorization. Why is this important for data security? This is the basic requirement for taking your right to privacy into your own hands. | | |
File Name Encryption (in Boxcryptor with costs and optional) | | |
What does that mean? No one can recognize the file name without authorization. Why is this important for data security? Metadata like the file name reveal more about you than you think. File extensions can be used to create a profile of the data you use. In the worst case, even if the file content is encrypted, the name "Human Rights Violations Report.docx" could get you into trouble at the wrong airport. | | |
File Attribute Encryption (planned) | | |
What does that mean? No one gets access to additional file attributes. Why is this important for data security? Some third-party software may store metadata about your file in its file attributes. If these are not encrypted, anyone can read them and even manipulate them to force your operating system to behave in certain ways. | | |
Free & Open-Source Software (FOSS) | | |
What does that mean? The source code is accessible to a broad community, which increases the security of the encryption. Why is this important for data security? The security of a system must depend solely on the key and must not be based on the secrecy of the algorithms. Since the encryption algorithm is controlled and discussed by a broad community, vulnerabilities or errors in the code are quickly detected. | | |
Directory Obfuscation | | |
What does that mean? The encrypted directory structure does not correspond to the actual or unencrypted directory structure. Why is this important for data security? When saving, some applications create several files that are stored in certain structures. If these structures are still recognizable in the encrypted state, an attacker can draw conclusions about the type of data despite encryption. | | |
Integrity Protection | | |
What does that mean? Since encryption does not immediately protect against manipulation of the data, unauthorized modification of the data must be detected. Why is this important for data security? To protect yourself from a variety of sophisticated attacks, the integrity of your encrypted data must be verified before you decrypt it. If this does not happen, it is conceivable that manipulated data could be injected, which you could then open unnoticed. (In the worst case, this can even be used by attackers to crack the encryption.) | | |
Quantum-Resistant Cryptography | | |
What does that mean? The encryption algorithms used are still secure even if the attacker has quantum computers. Why is this important for data security? Some encryption methods are based on mathematical problems that are normally difficult to calculate. For quantum computers, however, they are much less complex. If an attacker has access to a corresponding quantum computer, the encryption of your data is de facto ineffective. | | |
Audited Cryptography | | |
What does that mean? The encryption code is examined by independent experts. Why is this important for data security? Audits focusing on cryptographically relevant code can be an important element of quality control, provided the auditor has enough time and does not just get a cursory overview. | | |
Memory-Hard KDF | | |
What does that mean? The key derivation function (KDF) is used to derive the cryptographic key from the password you enter. This function must be as complex as possible to prevent brute-force attacks (randomly trying out combinations of characters). Why is this important for data security? To derive your key from your password, a computer needs 200ms. That sounds short, but it quickly adds up to astronomically high times if an attacker has to try all conceivable passwords. Attackers could, however, use special hardware (so-called ASICs) to try hundreds of thousands of possibilities simultaneously. To prevent this, KDFs are used that are memory-intensive ("memory-hard"), i.e. they require a particularly large amount of memory. This makes an attack disproportionately costly and thus unattractive for the attacker. | | |
Sharing Without Disclosing Passwords (currently only for white labels) | | |
What does that mean? Ideal for team use of the cloud storage: Each team member can use an individual password – yet you still have access to the encrypted data. Why is this important for data security? Individual passwords in larger teams increase security. On the one hand, because sharing a password poses a risk depending on the communication channel. On the other hand, because passwords that are shared are often weaker (because easier to remember). | | |
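
To make the "Memory-Hard KDF" row concrete, here is an added example (not code from Cryptomator or Boxcryptor) that uses scrypt as one well-known memory-hard KDF and shows how the cost parameter limits the number of password guesses that fit side by side in a fixed amount of memory. The parameters, the sample password and the 1 GiB budget are assumptions chosen for illustration, not settings of either product.

```python
import hashlib
import os
import time

MIB = 1024 * 1024


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Dominant working memory of one scrypt evaluation: 128 * N * r bytes."""
    return 128 * n * r


def derive_key(password: str, salt: bytes, n: int = 2**14, r: int = 8,
               p: int = 1, dklen: int = 32) -> bytes:
    """Derive a key from a password with scrypt (illustrative parameters)."""
    # Allow twice the estimated working memory so OpenSSL's limit is not hit.
    maxmem = 2 * scrypt_memory_bytes(n, r) + MIB
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, maxmem=maxmem, dklen=dklen)


def parallel_guesses(memory_budget_bytes: int, n: int, r: int) -> int:
    """How many guesses fit side by side into a fixed amount of memory."""
    return memory_budget_bytes // scrypt_memory_bytes(n, r)


def seconds_per_guess(n: int, r: int) -> float:
    """Measure one derivation on this machine (result is hardware dependent)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("constructed sample password", salt, n=n, r=r)
    return time.perf_counter() - start


if __name__ == "__main__":
    budget = 1024 * MIB  # constructed example: 1 GiB of fast memory
    for n in (2**10, 2**14, 2**16):
        print(f"N=2^{n.bit_length() - 1}: "
              f"{scrypt_memory_bytes(n, 8) // MIB} MiB per guess, "
              f"{parallel_guesses(budget, n, 8)} parallel guesses in 1 GiB, "
              f"{seconds_per_guess(n, 8) * 1000:.0f} ms per guess")
```

Raising N multiplies the memory each guess needs, so the same hardware budget holds proportionally fewer simultaneous guesses, which is the effect the table row describes.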
Conclusion: When Boxcryptor or Cryptomator Is the Right Alternative for You
Now you know the differences between Boxcryptor and its alternative Cryptomator. Draw your own conclusions:
Check whether the advantages of open-source software and thus the security-relevant criteria are important to you. If you like the approach of Cryptomator, it could be the more suitable alternative for you.
Perhaps the features provided by Boxcryptor are sufficient for you? Then you can decide according to your personal preference.