Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Mega's New Encrypted Cloud May Be Full Of Holes (

Sparrowvsrevolution writes: Kim Dotcom's embattled company Mega relaunched over the weekend with a new promise that the upload service would encrypt all user data end-to-end. But the crypto community has started auditing Mega's code, and the response has generally been a collective facepalm. Among the problems in Mega's crypto implementation: It uses only browser-based encryption, which has generally been dismissed as insecure and would allow Mega or anyone who breaks its SSL to read users' plaintext at any time; It has no mechanism for allowing users to change a compromised password without losing access to their data permanently; It uses weak 1024-bit encryption keys in certain places, and several other potential problems.

Some in the security community have pointed out that Mega's intentions may not be legitimate security so much as plausible deniability--It only needs enough encryption to claim it can't see whether its users are uploading copyrighted content. But users should nonetheless wary of the site's inflated security claims.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Mega's New Encrypted Cloud May Be Full Of Holes

Comments Filter:

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (3) Ha, ha, I can't believe they're actually going to adopt this sucker.