Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - Mega's New Encrypted Cloud May Be Full Of Holes->

Submitted by Sparrowvsrevolution
Sparrowvsrevolution (1926150) writes "Kim Dotcom's embattled company Mega relaunched over the weekend with a new promise that the upload service would encrypt all user data end-to-end. But the crypto community has started auditing Mega's code, and the response has generally been a collective facepalm. Among the problems in Mega's crypto implementation: It uses only browser-based encryption, which has generally been dismissed as insecure and would allow Mega or anyone who breaks its SSL to read users' plaintext at any time; It has no mechanism for allowing users to change a compromised password without losing access to their data permanently; It uses weak 1024-bit encryption keys in certain places, and several other potential problems.

Some in the security community have pointed out that Mega's intentions may not be legitimate security so much as plausible deniability--It only needs enough encryption to claim it can't see whether its users are uploading copyrighted content. But users should nonetheless wary of the site's inflated security claims."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Mega's New Encrypted Cloud May Be Full Of Holes

Comments Filter:

IF I HAD A MINE SHAFT, I don't think I would just abandon it. There's got to be a better way. -- Jack Handley, The New Mexican, 1988.