Ping a Specific Port

Question

Physikal

Asked: 2010-02-13 10:39:18 +0800 CST2010-02-13 10:39:18 +0800 CST 2010-02-13 10:39:18 +0800 CST

How Secure is JungleDisk?

772

We work with a lot of proprietary information that we do not want compromised. Is jungledisk any more or less secure than say backing up to a tape drive and using Iron Mountain's off-site storage?

I know JD totes this AES-256, but I still believe it is only as secure as the sysadmins at the S3 Datacenters. But then again your offsite Iron Mountain storage tapes are under the same risk. It's only as secure as the people holding your tapes are.

What are your thoughts on this?

4 Answers

Voted

davr · Answer 1 · 2010-02-13T11:13:11+08:00

Best Answer

davr

2010-02-13T11:13:11+08:002010-02-13T11:13:11+08:00

If the data is encrypted, and the encryption is implemented correctly, and there are no trojans on your PC or in jungle-disk that are stealing your encryption key, then the data should be perfectly safe against compromise at the remote site. So as long as you trust your PC and trust the JD code, then you have nothing to worry about. Also, you're probably over-valuing your data. My guess is even if your data was unencrypted, Amazon (who runs S3) wouldn't care one bit about it.

5

Grant Palin · Answer 2 · 2010-02-13T11:32:36+08:00

Grant Palin

2010-02-13T11:32:36+08:002010-02-13T11:32:36+08:00

You can set up the JungleDisk software to encrypt your files before they leave the computer. And you will have the only passkey - no one else will be able to get into your files without the passkey, not even you. If you do this, keep the passkey in a safe place!

3

zetavolt · Answer 3 · 2010-02-13T12:45:58+08:00

zetavolt

2010-02-13T12:45:58+08:002010-02-13T12:45:58+08:00

Depends on HOW private this information is supposed to be. AES-256 is only as strong as 1. The attack NOT knowing any reliable string of information within the encrypted files and 2. How long is the passcode.

Even still, Data criminals as a whole have the upper hand against sysadmins - Especially in large organizations. If Northrop-Grumman, eEye, Core SDI, Google (et al.) can be broken into, So can S3. It doesn't matter if you're using SSL at that point because the attacks already have your private key.

2

duffbeer703 · Answer 4 · 2010-02-13T15:29:04+08:00

duffbeer703

2010-02-13T15:29:04+08:002010-02-13T15:29:04+08:00

If you have a compliance requirement or really care about your data, you should be using an encryption solution that is FIPS-140 validated. JungleDisk is not.

Encryption is great, but the implementation of encryption is as critical as the algorithm -- any mistake in JungleDisk's implementation of encryption puts your data at risk.

2

How Secure is JungleDisk?

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?