Is up/dowload to online storage secure?
August 3, 2008 4:08 AM Subscribe
For secure online storage, is the upload/download also secure?
I want to nuke my laptop data and store it all online then access my files securely wherever I travel. There are at least six good AskMe threads about secure online storage (main recommendations are Mozy and Jungle Disk-to-Amazon S3). But what I want to know is: how secure is the upload/download? A stupid question perhaps. What good would secure storage be without secure transmission? But I can find a clear answer.
If I sign up for Mozy, Jungle Disk or another online storage provider, are my uploads and downloads encrypted?
I want to nuke my laptop data and store it all online then access my files securely wherever I travel. There are at least six good AskMe threads about secure online storage (main recommendations are Mozy and Jungle Disk-to-Amazon S3). But what I want to know is: how secure is the upload/download? A stupid question perhaps. What good would secure storage be without secure transmission? But I can find a clear answer.
If I sign up for Mozy, Jungle Disk or another online storage provider, are my uploads and downloads encrypted?
Response by poster: Thanks, yes, I read that but wasn't sure if "stored on S3" meant stored locally before transmission but, re-reading it, I guess it's pretty clear that it means the former. I need to learn what "stored on S3" means.
posted by mono blanco at 5:25 AM on August 3, 2008
posted by mono blanco at 5:25 AM on August 3, 2008
Response by poster: Or does it mean, "prior to uploading to S3, Jungle Disk encrypts your files on your own local PC using 256.bit AES, so that when you transmit those files to AS3 they are already strong-encryted." ? Sorry for the stupidity....
posted by mono blanco at 5:32 AM on August 3, 2008
posted by mono blanco at 5:32 AM on August 3, 2008
Best answer: Yes, Jungle Disk uses your own machine to encrypt your data before uploading to S3. And we're talking about 2 different kinds of encryption: "Note that regardless of whether you enable encryption using a custom key, your data is always encrypted while transmitted over the Internet by using SSL (like your bank web site). Choosing a custom encryption key means that your files will be encrypted while stored on Amazon's servers as well."
posted by Dave 9 at 7:30 AM on August 3, 2008
posted by Dave 9 at 7:30 AM on August 3, 2008
I guess it's an awkwardly worded sentence. They they said "stored on S3" when they meant "to be stored on S3". Also it helps if you remember jungledisk is just an application and not a website since they use Amazon S3 for storage. They should've written:
The Jungle Disk application encrypts files using 256-bit AES prior to uploading them to S3.
posted by sharkfu at 9:37 AM on August 3, 2008
The Jungle Disk application encrypts files using 256-bit AES prior to uploading them to S3.
posted by sharkfu at 9:37 AM on August 3, 2008
Oh, and it appears that Mozy also encrypts your data while transferring:
Is Mozy secure?
Yes. When you use Mozy, your files are encrypted on your computer using 448-bit Blowfish encryption and then transferred to the Mozy servers using 128-bit Secure Socket Layer (SSL) encryption. You have the option of using a Mozy key or your own private key to encrypt your data. Note that if you use your own private key, you must be very careful about not losing it because if you do, we won't be able to help. It's impossible for us to decrypt your data when you use your own key. Most users opt to use the Mozy key, but the choice is entirely yours.
If you're going to transfer a lot of data remember that S3 has data transfer charges in addition to data storage charges.
posted by pombiki at 9:14 PM on August 3, 2008
Is Mozy secure?
Yes. When you use Mozy, your files are encrypted on your computer using 448-bit Blowfish encryption and then transferred to the Mozy servers using 128-bit Secure Socket Layer (SSL) encryption. You have the option of using a Mozy key or your own private key to encrypt your data. Note that if you use your own private key, you must be very careful about not losing it because if you do, we won't be able to help. It's impossible for us to decrypt your data when you use your own key. Most users opt to use the Mozy key, but the choice is entirely yours.
If you're going to transfer a lot of data remember that S3 has data transfer charges in addition to data storage charges.
posted by pombiki at 9:14 PM on August 3, 2008
Response by poster: Thanks. This'll eliminate concerns over laptop theft, officious customs officials, and sneaky authoritarian regimes requiring hotels to steal guest data.
posted by mono blanco at 11:53 PM on August 3, 2008
posted by mono blanco at 11:53 PM on August 3, 2008
someone should probably point out that mozy is for backup, not online storage. it will only store what's already on your computer. backups are dated, so i suppose you could back it up and then delete it.
getting a file via the web from a mozy backup involves submitting a request for the file and waiting for an email that it is available in your account. i just submitted a request for a random 18 kbyte jpg from october 2007 and it took about 2-3 minutes for the email to reach my gmail account.
posted by noloveforned at 9:13 AM on August 4, 2008
getting a file via the web from a mozy backup involves submitting a request for the file and waiting for an email that it is available in your account. i just submitted a request for a random 18 kbyte jpg from october 2007 and it took about 2-3 minutes for the email to reach my gmail account.
posted by noloveforned at 9:13 AM on August 4, 2008
This thread is closed to new comments.
How are my files encrypted with Jungle Disk?
Jungle Disk encrypts files that are stored on S3 prior to uploading them using 256-bit AES. AES is an industry (and government) standard and is one of the most well studied and most secure encryption algorithms available. Jungle Disk uses a unique key for each file, and constructs the key using a HMAC that helps protect against certain attacks. The master key is based on a password you choose which is known only to you and not stored with Jungle Disk or Amazon. Code that demonstrates how data is encrypted/decrypted is available for download on the software download page under the GPL license.
This is why I prefer Jungledisk. Not sure about Mozy...
posted by sharkfu at 4:19 AM on August 3, 2008