The Realm of the Verbal Processor

Jarvis's Ramblings

Online Backup…encryption

While talking with a friend about the combination of Amazon S3 and JungleDisk, he asked me a simple question…”who holds the encryption key”. Basically the concern is that if the encryption key is known by or obtainable by someone, then the encryption is worthless. It got me thinking and doing a little digging.

By default JungleDisk uses the “Secret Access Key” from your Amazon S3 account. It’s long hairy and convoluted…very secure…but it is also a key controlled by and viewable by Amazon. And since the encryption key is essentially the keys to the kingdom…I don’t want anyone other than me and my wife to know it.

Therefore…I deleted the 5.5GB that I had already uploaded…changed the encryption key…and restarted the upload.

Big thanks to Tim for asking the right question.

Related post: Online Backup.

Advertisements

October 11, 2007 Posted by | tech | 3 Comments