Kim Dotcom is offering a prize of € 10,000 ($13,600) for anyone who can break the cryptography of Mega, his recently launched cloud-based storage site. Mega's launch last month was meet by criticism from multiple security researchers. Everything a user uploads is encrypted before it leaves their browser, using a master key that …
And it gets the message across to crackers
"If you crack this we can negotiate up to the point you tell anyone - then its 10k if you get past the collusion accusation"
350lb of self importance
Given your history with the Feds, Mr Kimble, breaking it from the outside isn't really the concen is it? They'll be all over you before you can spell subpoena.
As was covered adequately in your last appearance in the El Reg comments, you can have block deduplication (old news) or you can have unbreakable crypto (old news), but not both. If you've got a way of doing both then stump up with the algorithm. Or just carry on talking yourself up - who knows, maybe there are a few investors out there unaware of your track record with other people's money.
Re: 350lb of self importance
It just wont be the same ever again without all the uploaded movies, TV shows, warez and porn.
I suggest branching out into new industries instead - maybe a Kickstarter rip-off called Mega Beggar?
Re: Mega Hurts
What makes you think it won't be the same. Users will still upload pirated content. The difference is now the secret keys will be passed around only to those who are in the right circles. And without the keys, no one can prove what is being hosted by a user.
Re: Mega Hurts
Not really. Either the files are public which is essentially the same as before or the keys are shared. If you want to share the keys at any decent scale then they'll need to be posted on forums somewhere, probably a private one reminiscent of Demonoid. It really isn't hard for the feds to join pirate sites, they don't exactly require photo ID.
IANAH (I am not a hacker) but . . .
Rather than braking in and bragging it wold be far better to break in and leave a little side window open then leave evidence you'd been there for months.
It sees to be all the rage with governments and large corporations who discover they've had lodgers for a year or so.
Mega-Search.me surely :-) There, fixed that for yah.
Given that Kim "Kimble" Dotcom is the quintessential wideboy (in more senses than one), I smell a rat. Even if you do audit his crappy crypto, he will probably just keep you "negotiating" long enough to have people fix it, so disclosure no longer matters. At that point, you'll probably be paid a grand total of Jack Shit, and you've done the work for free.
.. which is why I suspect the reward will not be claimed *publicly*. He'll be told once he has some good revenue coming in, because then it's worth a LOT more.
If you want to play with fire, you best assume you'll end up burned..
Could be problamatical...
In the USA at least. Just published rules regarding things like copyright and the (dreaded) DCMA say that the simple act of "jailbreaking" a cell phone so you can use it on another carrier is an offense. Not good! What will the penalty be for breaking Mr. DotCom's crypto. Who knows?
Me? I really don't want to find out.
Then again, he may be hiding some child porn and that could get you into trouble as well!
Re: Could be problamatical...
I guess DCMA means simple that US based hackers are excluded from the competition on legal grounds..
Apparently there are things called "shops".
In these "shops" just about anyone can "purchase" stuff.
Purchased stuff is likely to be totally legal.
Money, and how to use it.
Re: HACKER NEWS
Purchase? What is this word you are talking about?
Re: HACKER NEWS
Ha ha! If there're any shops left by the end of the year, that is other than Amazon and and Mr Patel's down on the corner, I'd be very surprised!
Would it not...
Be better to offer £100,000 (or euros)? As I'm sure someone with a big enough grudge could turn down £10k for the fame, or outbid £10k for the ability to decode (say the Government). It just seems a bit low.
It would seem that the popularity of MEGA is directly proportional to the ease with which pirated material can be shared. If it were just about being able to encrypt and share files with a small group, then my site, ThreadThat dotcom, would be more popular. It has been my experience that privacy is not a motivating factor in the use of file sharing services.
It's not likely that anyone would want the obese one's booty for anything.
Duping the gullible
Do you think when someone hacks his cloud, that he's going to pay them or advertise the hack?
I've no interest in his site, but his approach to PR and dealing with news agencies is rather unique and for that I applaud him!