Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Mega

Wayne Moore wmoore at stanford.edu
Mon Jan 21 11:38:27 PST 2013


This seems like a reasonable analysis of the problems

http://arstechnica.com/business/2013/01/megabad-a-quick-look-at-the-state-of-megas-encryption/

I was finally able to create an account but not upload anything.
Obviously with all the publicity the servers are getting hammered.

In addition to the weak generation of the RSA keys for the user there
are mumblings about deduplication that raise serious questions.

On 1/21/2013 11:14, Steve Weis wrote:
> Mega is using server-side Javascript for crypto, so you're trusting
> them just like you'd trust Dropbox. 
>
> Other people have reported issues with their implementation, including
> using weak randomness. I skimmed through their implementation and
> found some portions that indicate they don't know what they're doing,
> specifically how they're handling authenticated encryption.
>
> I wouldn't use Mega in it's current form.
>
> On Mon, Jan 21, 2013 at 4:06 AM, Sam de Silva <sam at media.com.au
> <mailto:sam at media.com.au>> wrote:
>
>     I wonder if there's any feedback from this list on Kim Dotcom's
>     Mega project - www.mega.co.nz <http://www.mega.co.nz>
>
>     Can it be the secure alternative to Dropbox?
>
>
>
>
>
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

-- 
Necessity is the plea for every infringement of human freedom.
It is the argument of tyrants; it is the creed of slaves.

    William Pitt (1759-1806)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130121/c4439fe4/attachment.html>


More information about the liberationtech mailing list