Security of private ipfs network

When running a private ipfs node with a private swarm key in the cloud, is it reasonably safe to leave port 4001 open to the internet?

We want to use ipfs to redistribute assets within our company.

We have already created a private ipfs network spanning a local machine and some android devices (i386 as well as arm). Other than some android issues, it was very straightforward.

It would be very convenient to have a cloud-based node that is reachable over the internet. However, I am a bit unsure about the security implications.

Can somebody point me to some documentation describing how the swarm key is used? If it is very insecure, we could always do this via an ssh tunnel. But I would like to avoid that.

Sounds cool! It’s fine to leave this port open. You can read a spec in - it’s needs a few cosmetic changes, but is otherwise accurate and reflects what go-ipfs currently does.

Thanks a lot for the quick answer.

So it is using the well-known cipher Salsa20 in a pretty straightforward way. My conclusion is that we can leave the port open as long as we have a secure way to distribute the shared secret (we have that).