back to article Kim Dotcom shows off new mega service

Kim Dotcom has shown off his forthcoming replacement for megaupload, posting three screen shots to Twitter. The grabs offer some interesting insights into what Dotcom has planned, with the first (below) showing a field marked with a key-shaped icon. The login screen for Kim Dotcom's new cloud storage service The login …

COMMENTS

This topic is closed for new posts.

Page:

FSM

Re: Pseudo-random?

Hang on, surely mouse and keyboard use are among the most predictable entropy sources possible?

Consider for a moment the likelihood that someone has moved their hands to the left or right, rather than up or down, given our wrist and the movement it makes the easiest.

And for the keyboard, if you're sourcing what people type and they're not aware of the fact that they are participating in entropy "gathering", what's the likelihood they've been using the most common characters the most?

Maybe I'm misunderstanding the concept, but I can't think of a worse choice for getting entropy.

0
0

Re: Pseudo-random? /dev/random

check about writing to /dev/random, yes it's possible to write there as well

Mouse moves and keyboard timing aint anything predictable.

0
0
Silver badge

Re: Pseudo-random?

The thing is, mouse movement is near-analogue, timing-sensitive, and simultaneously bi-axial. What that means is that, at any given moment, a mouse can determine how far along in two different axes it has moved since the last time it checked. And since humans by nature cannot move very precisely, a mouse with nice high resolution would provide plenty of randomness simply from the slight variations of movement your hand makes on the mouse: Even if you move in one direction, you could be faster one moment, slower the next, drifting up and down, and so on.

As noted, a keyboard is not the best source of entropy, but with enough variables you can still get some use out of it, especially if you add key timing (another randomness variable) in addition to the values pressed.

1
0

Kim.com... Kim Jong Ill more like...

1
1

This post has been deleted by its author

Angel

Random numbers

I programmed a random number generator on game to seed based on timing the gap between some user keystrokes in microseconds, to avoid the game always startling the same way. So the mouse entropy idea is a more sophisticated way of doing similar. Ah those BBC Micro days!

1
0

Re: Random numbers

Used a similar technique but mixing the key strokes timings with the refresh register on the Z80 - for the 'other' computers. Somewhat better than using a fixed seed string in my experience. (eek, my old aching bones).

0
0
Stop

'I'm also unconvinced that one can legally wipe one's hands clean if one has reasonable suspicion that the law is being broken. If there are a zillion files on the site each the length of a movie, then I'm not sure Kim can play innocent any more than someone saying "I was just giving a hitch-hiker with a mask a lift from the bank. I had no way of knowing he'd just robbed it".'

The idea of total client side encryption and decryption is that the storage service fundamentally CANNOT know anything about the data that's being sent to it - in theory it'll be about as legally responsible as your ISP for not knowing what's going through your HTTPS connections.

0
0
Silver badge

Sounds much like a cloud version of TrueCrypt's system, in that the whole filesystem is encrypted. Probably goes a step further and encrypts individual files on top of that. So it would take two keys to reach a file: a filesystem key and a file key. Still, it would have the desired results.

0
0

Cheltenham

give the cryptography clowns there something to do wont it.

0
0

user-side crypto

Sounds like a good idea. In practice, people who use this to share movies will just share their keys very freely. Possibly embedding them in the URL. This obviously nullifies the security aspect, but that's irrelevant - those users actually want other people to be able to read the file.

As a bonus, if you want an online storage that has security, you can actually just use this and not share the key. But it's really a side benefit. The real point is giving Kim plausible deniability, and for that purpose the scheme seems to work well.

0
0

A point has been missed

For all that I've seen discussion of a) the encrypition and b) the sharing of encrypted files i think a point has been missed.

this will include a "mail" type service....

i postulate this, you will click a link to download, have to LOG IN, and the item you are looking for is in your "mailbox". as you download it to your computer, the software decrypts it with a public style decrypt provided by the linker/uploader.

0
0
Anonymous Coward

I'll bet money

...that his new site is soon to have the same FBI "Closed for Biz", notice as his old site.

0
0
Silver badge
Trollface

The dodgy corrupt bad guys versus

The dodgy corrupt good guys.

SNAFU

0
0

Page:

This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2018