By continuing to use this site, you agree to our updated Privacy Policy and Terms of Use. ×

Best Practices for Decentralizing Information

27th April, 2018 | Data Security | Entropic

In our previous article, we discussed how the fortress mindset has influenced how we instinctively protect information. Today, encryption and authentication are the foundation of how we secure information that is holistically stored in one location - the fortress.

If an attacker knows that all of the information they seek is holistically secured in one place, their motivation to break through the barriers that protect this place becomes very high. Over time, both encryption and authentication have had to adapt to contend with evolving attack techniques, many of which exploit vulnerabilities arising from the need to balance security with convenience for the user.

One example of this evolution is the gradual deployment of two-factor authentication (2FA), which boosts authentication capabilities by requiring additional checks from the user, before allowing access to the secured information. An overview of two-factor authentication by Bennett Garner is originally posted on

What is Decentralization?


When it comes to securing stored information, decentralization is an alternative approach to encryption. Decentralizing information ensures that when it is neglected or stolen, it is far less likely to be reverse-engineered, or "cracked" over time.

Decentralization involves separating, or more specifically delinearizing, the fabric of data into protected volumes (also referred to as shards) that are stored across two or more separate locations, or storage sites. If one storage site is compromised, the attacker gets meaningless delinearized data, which cannot be reverse engineered without having the remaining protected volumes from the other storage sites.

We can delinearize information on a blockwise or a bitwise level, into a series of nonlinear protected volumes. For increased security, these volumes may be encrypted either before or after breaking them up. Following this, the protected volumes can be transferred to, and stored across a series of two or more separated storage sites.

Bitwise Delinearization

Because delinearized volumes cannot be reverse engineered, we can more confidently use Internet-connected storage services, or other places that we might not have trusted previously.

Best Practices

While most of us are familiar with using encryption in one manner or another, the concepts behind decentralization of information require a change in mindset. You are no longer storing all of your information in one place. Instead, a file that is delinearized for instance, has it's fabric spread out across multiple places.

For this reason, we have prepared a list of best practices to help you safely use this type of information security. To keep things simple, in our discussion below we'll use files as a familiar unit for information that needs to be protected, and we'll assume that you are using Panwrypter to protect them.

After delinearizing your files into protected volumes, it is crucial to store them separately, at their designated storage sites. Never store all of your protected volumes in one place.

The physical separation of your protected volumes is the most important principle for this type of information protection. Properly separating your volumes across separate storage sites means an attacker needs to not only know about, but also gain access to all of your storage sites before your original files can be accessed.

If the files you are protecting are very important or sensitive, consider using a higher number of storage sites, such as four. If the files are not as critical, you can use the minimal number of two storage sites.

The number of storage sites you use to protect your files represents the number of places that need to be compromised by an attacker, before they can gain access to all of your original protected volumes. While choosing more storage sites dramatically increases the security of your files, it also makes it less convenient to access your protected files when you need to, since you need to transfer to, or collect back your protected volumes from all of your storage sites.

Select storage sites that are reliable and will not cause the loss of your protected volumes. While decentralization can protect your secured files against theft, the protected volumes aren't protected against loss. More considerations about selecting storage sites.

Choosing the wrong storage site might result in losing a protected volume, which will prevent you from recovering your original files.

Establish backup storage sites so that if you have any problems accessing your protected volumes from one storage site, you can retrieve redundant volumes from another.

There are many reasons why your protected volumes at one storage site may not be available. This might happen for instance, if you lose account access to your online storage provider, or if it goes out of business. Another example is if the protected volumes at one site are corrupted or erased.

For significantly increased security, air gap one of your storage sites by copying the protected volumes for a storage site to storage media that is not Internet-connected. For instance, you could use Google Drive for one storage site, and treat a USB or Blu-ray as another.

Air gapping one storage site means that an attacker will require physical access to this storage site before they can recover all of your protected volumes. If at least one of your protected volumes cannot be accessed, an attacker will be unable to recover your original information. If all of your storage sites are Internet-connected, there is always a chance that these sites could be compromised over time.

Find a way to remember the details of your storage sites that you used to protect your files. Though it might seem convenient, avoid the temptation to store information about your storage sites on any type of Internet-connected device - ex: smart phone, tablet, or PC.

If you need to restore your protected files at a later time, you may not be able to recall the locations of your storage sites. If this happens, you won't be able to recover your original information. Storing information about your storage sites on an Internet-connected device, leaves it open to eventual theft from a cyber-attack.


Panwrypter provides you with flexible options to achieve these best practices, allowing you to secure your files on your own terms, while traveling, for sharing, or just for safekeeping. Panwrypter can be downloaded from the Mac App Store. For more information, please refer to our tutorials and how it works references.