back to article Kim Dotcom shows off new mega service

Kim Dotcom has shown off his forthcoming replacement for megaupload, posting three screen shots to Twitter. The grabs offer some interesting insights into what Dotcom has planned, with the first (below) showing a field marked with a key-shaped icon. The login screen for Kim Dotcom's new cloud storage service The login …

COMMENTS

This topic is closed for new posts.

Page:

  1. FSM

    Re: Pseudo-random?

    Hang on, surely mouse and keyboard use are among the most predictable entropy sources possible?

    Consider for a moment the likelihood that someone has moved their hands to the left or right, rather than up or down, given our wrist and the movement it makes the easiest.

    And for the keyboard, if you're sourcing what people type and they're not aware of the fact that they are participating in entropy "gathering", what's the likelihood they've been using the most common characters the most?

    Maybe I'm misunderstanding the concept, but I can't think of a worse choice for getting entropy.

  2. stanimir

    Re: Pseudo-random? /dev/random

    check about writing to /dev/random, yes it's possible to write there as well

    Mouse moves and keyboard timing aint anything predictable.

  3. Charles 9 Silver badge

    Re: Pseudo-random?

    The thing is, mouse movement is near-analogue, timing-sensitive, and simultaneously bi-axial. What that means is that, at any given moment, a mouse can determine how far along in two different axes it has moved since the last time it checked. And since humans by nature cannot move very precisely, a mouse with nice high resolution would provide plenty of randomness simply from the slight variations of movement your hand makes on the mouse: Even if you move in one direction, you could be faster one moment, slower the next, drifting up and down, and so on.

    As noted, a keyboard is not the best source of entropy, but with enough variables you can still get some use out of it, especially if you add key timing (another randomness variable) in addition to the values pressed.

  4. takuhii

    Kim.com... Kim Jong Ill more like...

  5. This post has been deleted by its author

  6. Nifty
    Angel

    Random numbers

    I programmed a random number generator on game to seed based on timing the gap between some user keystrokes in microseconds, to avoid the game always startling the same way. So the mouse entropy idea is a more sophisticated way of doing similar. Ah those BBC Micro days!

  7. Spoonsinger

    Re: Random numbers

    Used a similar technique but mixing the key strokes timings with the refresh register on the Z80 - for the 'other' computers. Somewhat better than using a fixed seed string in my experience. (eek, my old aching bones).

  8. Jeff 11
    Stop

    'I'm also unconvinced that one can legally wipe one's hands clean if one has reasonable suspicion that the law is being broken. If there are a zillion files on the site each the length of a movie, then I'm not sure Kim can play innocent any more than someone saying "I was just giving a hitch-hiker with a mask a lift from the bank. I had no way of knowing he'd just robbed it".'

    The idea of total client side encryption and decryption is that the storage service fundamentally CANNOT know anything about the data that's being sent to it - in theory it'll be about as legally responsible as your ISP for not knowing what's going through your HTTPS connections.

  9. Charles 9 Silver badge

    Sounds much like a cloud version of TrueCrypt's system, in that the whole filesystem is encrypted. Probably goes a step further and encrypts individual files on top of that. So it would take two keys to reach a file: a filesystem key and a file key. Still, it would have the desired results.

  10. kparsons84

    Cheltenham

    give the cryptography clowns there something to do wont it.

  11. Filippo

    user-side crypto

    Sounds like a good idea. In practice, people who use this to share movies will just share their keys very freely. Possibly embedding them in the URL. This obviously nullifies the security aspect, but that's irrelevant - those users actually want other people to be able to read the file.

    As a bonus, if you want an online storage that has security, you can actually just use this and not share the key. But it's really a side benefit. The real point is giving Kim plausible deniability, and for that purpose the scheme seems to work well.

  12. Curtis

    A point has been missed

    For all that I've seen discussion of a) the encrypition and b) the sharing of encrypted files i think a point has been missed.

    this will include a "mail" type service....

    i postulate this, you will click a link to download, have to LOG IN, and the item you are looking for is in your "mailbox". as you download it to your computer, the software decrypts it with a public style decrypt provided by the linker/uploader.

  13. Anonymous Coward
    Anonymous Coward

    I'll bet money

    ...that his new site is soon to have the same FBI "Closed for Biz", notice as his old site.

  14. Winkypop Silver badge
    Trollface

    The dodgy corrupt bad guys versus

    The dodgy corrupt good guys.

    SNAFU

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2018