How Secure is JungleDisk?

We work with a lot of proprietary information that we do not want compromised. Is jungledisk any more or less secure than say backing up to a tape drive and using Iron Mountain's off-site storage?

I know JD totes this AES-256, but I still believe it is only as secure as the sysadmins at the S3 Datacenters. But then again your offsite Iron Mountain storage tapes are under the same risk. It's only as secure as the people holding your tapes are.

What are your thoughts on this?


Solution 1:

If the data is encrypted, and the encryption is implemented correctly, and there are no trojans on your PC or in jungle-disk that are stealing your encryption key, then the data should be perfectly safe against compromise at the remote site. So as long as you trust your PC and trust the JD code, then you have nothing to worry about. Also, you're probably over-valuing your data. My guess is even if your data was unencrypted, Amazon (who runs S3) wouldn't care one bit about it.

Solution 2:

You can set up the JungleDisk software to encrypt your files before they leave the computer. And you will have the only passkey - no one else will be able to get into your files without the passkey, not even you. If you do this, keep the passkey in a safe place!

Solution 3:

Depends on HOW private this information is supposed to be. AES-256 is only as strong as 1. The attack NOT knowing any reliable string of information within the encrypted files and 2. How long is the passcode.

Even still, Data criminals as a whole have the upper hand against sysadmins - Especially in large organizations. If Northrop-Grumman, eEye, Core SDI, Google (et al.) can be broken into, So can S3. It doesn't matter if you're using SSL at that point because the attacks already have your private key.