New Mega Storage Service Answers Crypto Criticisms

Kim Dotcom’s Mega cloud storage service claims bulletproof encryption, to the point where even the Website’s own operators can’t access your data without your password. But is that security as tight as advertised?

Mega, a sanitized version of Megaupload (a similar site run by Dotcom, before the FBI shut it down), offers 50GB of free online storage for users in addition to paid tiers. Despite its security claims, some reviews of the Website have suggested it’s not an ultra-impregnable fortress—driving Mega’s creators to respond via a Jan. 23 blog posting.

According to Mega, relies on 2048-bit encryption, while the static site, https://* uses 1024-bit encryption:

“All active content loaded from these ‘insecure’ static servers is integrity-checked by JavaScript code loaded from the ‘secure’ static server, rendering manipulation of the static content or man-in-the-middle attacks ineffective… The only reason why HTTPS is supported/used at all is that most browsers don’t like making HTTP connections from HTTPS pages. And, using more than 1024 bit would just waste a lot of extra CPU time on those static servers.”

“A piece of JavaScript coming from a trusted, 2048-bit HTTPS server is verifying additional pieces of JavaScript coming from untrusted HTTP/1024-bit HTTPS servers,” the site added. As a result of that, Mega claims it can host “integrity-sensitive static content” on geographically diverse servers without worrying about security.
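The design quoted above, sketched as an added example (not Mega's code or anything from the blog post): a loader delivered from the trusted server carries a manifest of expected digests and refuses any file from a static server that does not match. SHA-256, the file paths, the file contents and all function names are assumptions made for illustration; the page does not name the hash Mega uses.

```javascript
// Added example. Assumptions: SHA-256 digest (the page names none); constructed paths and bodies.
const { createHash } = require("node:crypto");

const sha256Hex = (bytes) => createHash("sha256").update(bytes).digest("hex");

// Built on the trusted origin at deploy time and shipped with the loader: path -> digest.
function buildManifest(assets) {
  const manifest = Object.create(null); // no inherited keys such as "constructor"
  for (const [path, body] of Object.entries(assets)) {
    manifest[path] = sha256Hex(Buffer.from(body));
  }
  return Object.freeze(manifest);
}

// Runs inside the trusted loader. fetchUntrusted stands in for a GET to a static server.
function loadVerified(manifest, path, fetchUntrusted) {
  const expected = manifest[path];
  if (typeof expected !== "string") {
    throw new Error(`${path}: not listed in trusted manifest`);
  }
  const body = fetchUntrusted(path);
  if (sha256Hex(body) !== expected) {
    throw new Error(`${path}: digest mismatch`);
  }
  return body.toString("utf8"); // only verified bytes reach the script evaluator
}

// Constructed sample content and three static-server behaviours.
const ORIGINAL = {
  "/js/crypto.js": "function encryptChunk(key, data) { /* ... */ }",
  "/js/ui.js": "function render(state) { /* ... */ }",
};
const MANIFEST = buildManifest(ORIGINAL);
const honestServer = (path) => Buffer.from(ORIGINAL[path]);
const tamperingServer = (path) => Buffer.from(ORIGINAL[path] + "\n/* modified in transit */");
const swappingServer = () => Buffer.from(ORIGINAL["/js/ui.js"]); // valid file, wrong path

function outcome(server, path) {
  try {
    loadVerified(MANIFEST, path, server);
    return "loaded";
  } catch (err) {
    return `rejected: ${err.message}`;
  }
}

console.log(outcome(honestServer, "/js/crypto.js"));
console.log(outcome(tamperingServer, "/js/crypto.js"));
```

The check protects only what the manifest lists, and only as long as the manifest and the loader themselves arrive intact from the trusted server.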

Mega stores its key for encrypting user files on its servers; for now, if you forget the password, those files will remain encrypted and thus unusable, with two exceptions: either friends “share” your own files with you, or you previously exported file keys.

In the future, Mega will add password reset mechanisms, but only to log back into the account. A password change feature will also be implemented.

The way in which Mega’s key is encrypted is still “pseudorandom,” i.e., using some random entropy generated by a user’s mouse to add randomness to the key; in the future, at least in theory, users will have the ability to add more entropy manually before the key stage. Mega also de-duplicates files, but only on the encrypted file itself—so if a file is copied to two separate folders or shared, the reference points back to a single file.

Mega’s filesystem enhancements include storing all encrypted block MACs on the server after an upload (which opens the door to integrity-checked partial reading); it’s also enabled the forking of encrypted time-stamped delta file support, to allow for random writing to existing files with full rollback capability.

Mega isn’t the first cloud storage provider, nor will it be the last. But as one with roots that go back into some legally questionable activities, it will be worth watching to see how the Website evolves in coming months. In some ways, Mega isn’t that different than FIPS-compliant secured servers—it’s just that, depending on your perspective, the good guys and the bad guys may be on different sides of the firewall.

