The Realm of the Verbal Processor

Jarvis's Ramblings

Online Backup…encryption

While talking with a friend about the combination of Amazon S3 and JungleDisk, he asked me a simple question…“who holds the encryption key”. Basically the concern is that if the encryption key is known by or obtainable by someone, then the encryption is worthless. It got me thinking and doing a little digging.

By default JungleDisk uses the “Secret Access Key” from your Amazon S3 account. It’s long, hairy and convoluted…very secure…but it is also a key controlled by and viewable by Amazon. And since the encryption key is essentially the keys to the kingdom…I don’t want anyone other than me and my wife to know it.

Therefore…I deleted the 5.5GB that I had already uploaded…changed the encryption key…and restarted the upload.

Big thanks to Tim for asking the right question.

Related post: Online Backup.

October 11, 2007 - Posted by | tech

3 Comments »

  1. I thought of that, and should have mentioned it to you. The most sensitive data that I’m copying up there is in a TrueCrypt vault anyway.

    Comment by Karl Kranich | October 12, 2007

  2. Which is why I like PGP’s self-decrypting archive option – based on a random key generated on my local machine. It also allows me to open encrypted files on a machine that doesn’t have PGP installed. Whatever online backup option you choose, I would always suggest encrypting your data (preferably from a separate program) before uploading it anyway. Amazon may have my data, but they’ll never be able to read it.

    Comment by Philip | October 16, 2007

  3. The PGP option is definitely great for some purposes. It seems to be ideal if you are wanting to secure data that you are backing up to HD/CD/DVD. If you are uploading to an online service where you pay for upload as well as storage (thinking of S3’s service…granted it is still a small upload charge), that may not be as good of an option. With the programs I have looked at (JungleDisk and S3Backup), it encrypts each file individually before upload. Then when you modify a file, it only has to upload that file. If using a PGP SDA, you would have to add the modified file to the SDA, and then upload the entire SDA. Depending on the size of the SDA, that could take a very long time. I think it took me over two days to upload my 11gig worth of data this week.

    However…all that said…the PGP option is very good for certain uses. I have attempted to use it before, but ran into issues where it would create the SDA, but simply would not add the Excel spreadsheet to the file. No idea why, so I basically gave up. I know Philip has used it a lot with great success…I just had issues that I didn’t take the time to overcome.

    Comment by Jarvis | October 17, 2007

