I’m concerned

only RC4 encryption is used for the webservice?

Hello Jotta,

I really have to say I'm a bit concerned, because the SSL encryption for the web interface only use the RC4 algorithm (which is not secure anymore). I think a cloud storage is really something were any compromises in terms of security are not an option and should be state of the art. Anyhow, do you provide forward secrecy?

http://en.wikipedia.org/wiki/Forward_...

https://www.schneier.com/blog/archive...
http://blogs.technet.com/b/srd/archiv...

The FAQ says that Jotta uses 256bit AES encryption, I guess that is only for the client then?

Anyhow, this makes me really concerned if there are more weak parts in the security concept in general. Since it's not open source are there any external reviews/penetration test regarding the security?

I would be happy if you (Jotta) could say something about that and would provide more transparency in this regard. I like Jotta cloud and I also trust you as a company (that's the reason I chose jottra cloud over dropbox), but knowledge is better than trust.

Best regards and have a good day!
2 people have
this question
+1
Reply