5

We work with a lot of proprietary information that we do not want compromised. Is JungleDisk any more or less secure than, say, backing up to a tape drive and using Iron Mountain's off-site storage?

I know JD touts this AES-256, but I still believe it is only as secure as the sysadmins at the S3 datacenters. But then again, your offsite Iron Mountain storage tapes are under the same risk. It's only as secure as the people holding your tapes are.

What are your thoughts on this?

Physikal

4 Answers

5

If the data is encrypted, and the encryption is implemented correctly, and there are no trojans on your PC or in JungleDisk that are stealing your encryption key, then the data should be perfectly safe against compromise at the remote site. So as long as you trust your PC and trust the JD code, then you have nothing to worry about. Also, you're probably over-valuing your data. My guess is even if your data was unencrypted, Amazon (who runs S3) wouldn't care one bit about it.

davr
  • We use Jungledisk to back up our servers and encrypt the payload so it is encrypted at rest. The connection to the servers is encrypted with SSL, so the payload is secure in transit. So long as the code does what it says you are safe. – steve.lippert Feb 12 '10 at 20:10
  • I personally use JungleDisk + Rackspace. Along with the Username and password, you can add a specific "drive" password to your online drives. There is no way for JungleDisk to recover that, since it is your "salt" for your encrypted data. JungleDisk will release source code to you http://www.jungledisk.com/downloads/personal/desktop/releasenotes.aspx and if you have further questions just drop them a support ticket or tweet on Twitter. – Urda Feb 12 '10 at 20:49
3

You can set up the JungleDisk software to encrypt your files before they leave the computer. And you will have the only passkey - no one else will be able to get into your files without the passkey, not even you. If you do this, keep the passkey in a safe place!

Grant Palin
2

Depends on HOW private this information is supposed to be. AES-256 is only as strong as 1. the attacker NOT knowing any reliable string of information within the encrypted files, and 2. how long the passcode is.

Even still, data criminals as a whole have the upper hand against sysadmins, especially in large organizations. If Northrop-Grumman, eEye, Core SDI, Google (et al.) can be broken into, so can S3. It doesn't matter if you're using SSL at that point because the attackers already have your private key.

zetavolt
2

If you have a compliance requirement or really care about your data, you should be using an encryption solution that is FIPS-140 validated. JungleDisk is not.

Encryption is great, but the implementation of encryption is as critical as the algorithm -- any mistake in JungleDisk's implementation of encryption puts your data at risk.

duffbeer703