Comment Re:Security hole 1, Kim Dotcom (Score 2) 151
Never mind where the keys are generated. Obviously all of the pertinent keys are stored server-side. How else can you move to a new computer and still access all of your data with just your Mega login and password? Basically your password is the key. And the password security is abysmal. During signup, the confirmation link that they send you contains a hash of your login password, among other things. There is a password cracker program freely available that will recover your password from this hash value in a matter of a short while. Obviously they have all of this information stored (they're the ones who sent you the confirmation email, they're the ones who validate your password day-to-day when you log in). So their claim that they can't access your data or be compelled to turn over your data is just nonsense. The encryption is basically a toy because it's designed incorrectly. It's not just FUD.