Dotcom's Mega smacks back: Our crypto's not crap

Kim Dotcom's comeback cloud storage service, Mega, has responded to criticism about its approach to cryptography and password security after security researcher Steve Thomas (@Sc00bz) released his MegaCracker tool, which cracks hashes embedded in emailed password confirmation links. In a blog post designed to reassure users, …

COMMENTS

This topic is closed for new posts.


  1. Anonymous Coward

    You seem to be missing the point, ask yourself "who does this 'security' benefit?", the answer is clearly Mega as it allows them to do exactly what megaupload did without any fussing about with law enforcement.

  2. Anonymous Coward

    Talkin da shitze

    Mega LOAD is good at making excuses when confronted with reality. Oops he done it again. This boy is going to get a lesson in learning.

  3. Real Ale is Best
    Holmes

    Has anyone here tried using it?

    I tried to upload a few files, but the site just timed out.

    No attempt at retrying.

    Dropbox, on the other hand, fast and glitch free.

  4. William Boyle

    The solution is simple

    The solution is simple. Just encrypt the file with a strong encryption tool before uploading it to Mega. At least they are trying to protect their users, even if those efforts are sub-optimal...

  5. Leeroy

    I just had a very productive day in work setting up ownCloud on a Centos vm.

    It is probably not anywhere near as secure as mega or Dropbox but it will only be accessible via vpn. Costs a lot less as well.

    Once I'm happy with it I can't see me paying for anything else, even if it has crypto it is still off site and out of my control.

  6. Anonymous Coward

    personally, I'm done with this online storage crap. Back when MegaUpload was up, I used it to store my files (Before "Cloud" Storage) and it worked great. I even encrypted my files in case someone D/L them.

    But then the guv comes along and states "Hey, this site is being used to distribute stuff illegally, shut it down!"

    And just like that, I lost my files.

    No big deal, I had the originals, but I was legal, I was the only one accessing my files, so what about me?

    Now, someone expects me to do the same thing with "Cloud"? IMO, "Cloud" storage is worse. And what if someone deems it to be a hub for illegal content, does everyone lose access to their legit files like I did?

    1. Zmodem

      rent your own dedicated server, whatever the extra, you will always have unlimited bandwidth, and a cpu to yourself

      1. Zmodem

        and just map a ftp network drive http://www.southrivertech.com/products/webdrive/winindex.html

        if you don't want to encrypt stuff through php etc

  7. Zmodem

    http://www.gnupg.org/features.en.html

  8. Michael Duke
    Stop

    I think there are a lot of people on here making a false assumption.

    That assumption is that the de-duplication feature is designed to save Mega storage resources.

    From my point of view it is obvious that the de-dupe is for user benefit, when dealing with 50GB or 500GB of data there is a good chance that you will upload a duplicate file, even more so if you are using it for offsite backups. The de-dupe is to save you the transfer and storage budget of using Mega so that you can script backups and only changed files will be re-uploaded or you can upload your photos directory again and again and not duplicate the data.

    It is to drive ease of use for the customers NOT to save the Mega storage nodes on capacity.

  9. JaitcH
    WTF?

    Losing their password would leave users not only unable to log into the service ...

    but also unable to recover and decrypt any stored files.

    You can hardly blame Dot Com for this, just as you wouldn't a locksmith when you lose your front door key.

  10. Anonymous Coward

    Mega Load...

    ...he sucks the banana.

  11. Anonymous Coward

    He just pissed off the Anonymous Skiddie community a couple of days ago by having his collaboration with the Feds before they tried to fuck him go public, and now he's detailing his new service's infrastructure? What a moron. Really, who the hell does that?

  12. xpusostomos

    Stupid critics

    1. random() is sketchy IF YOU CAN GUESS THE STARTING SEED. But how would you be able to guess a number on someone else's computer, years after the fact?

    2. I fail to see how deduplication is difficult, even accepting Mega doesn't know what the unencrypted data is. And I also fail to see how deduplication "leaks" information about the data.

    3. They'll fix this. Not a biggy.

    4. That's kinda the point. If Mega COULD restore your password, the critics really WOULD be up in arms!!!! Store your password somewhere else - somewhere it can be recovered if you're worried. 1Password on your iPhone perhaps? The choices are endless.

    1. Anonymous Coward
      Flame

      Yes, Mr Fatman

      I'll tell you why:

      One day has 86400 seconds. PC timers increment in 10ms intervals. That means 8640000 different possibilities to seed random(). That is log2(8640000)==23 bits of entropy per day at max.

      In one year that is log2(365*8640000) == 31 bits.

      So, very little keyspace to iterate in the worst case. If you have a file timestamp, it will actually be much less than 23 bits !

      Other people, such as Netscape, have burnt their fingers with that. You need to be a better $hill, Kim.
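The keyspace arithmetic in the comment above, carried through as an added example that is not part of the original thread. The clock-seeded key generator is a hypothetical stand-in (it is not Mega's code), the 10 ms tick is the commenter's figure, and the timestamp is constructed.

```python
import math
import random

TICKS_PER_SECOND = 100  # 10 ms timer resolution, the figure used in the comment


def seed_space_bits(window_seconds: int) -> float:
    """Upper bound on seed entropy when the seed is one clock tick in the window."""
    return math.log2(window_seconds * TICKS_PER_SECOND)


def key_from_clock_seed(seed_ticks: int) -> bytes:
    """Hypothetical weak generator: 128-bit key from a PRNG seeded with the clock."""
    rng = random.Random(seed_ticks)  # fully determined by the seed
    return rng.getrandbits(128).to_bytes(16, "big")


def find_seed(key: bytes, earliest_s: int, latest_s: int):
    """Audit helper: return the tick that reproduces `key`, or None."""
    first = earliest_s * TICKS_PER_SECOND
    last = (latest_s + 1) * TICKS_PER_SECOND
    for ticks in range(first, last):
        if key_from_clock_seed(ticks) == key:
            return ticks
    return None


if __name__ == "__main__":
    created_s = 1_358_900_000  # constructed timestamp (January 2013)
    secret_tick = created_s * TICKS_PER_SECOND + 37
    key = key_from_clock_seed(secret_tick)

    print("bits per day :", round(seed_space_bits(86400), 2))
    print("bits per year:", round(seed_space_bits(365 * 86400), 2))
    # A file timestamp narrows the window; here it is +/- 60 seconds.
    print("bits in 2 min:", round(seed_space_bits(121), 2))
    print("seed found   :", find_seed(key, created_s - 60, created_s + 60) == secret_tick)
```

The 128-bit output length says nothing about strength here: the key has only as many bits of entropy as the seed that produced it. Keys drawn from the operating system's CSPRNG (in Python, `secrets.token_bytes(16)`) have no seed window to enumerate.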

      1. Zmodem

        Re: Yes, Mr Fatman

        $entropy = log2(365*8640000);

        for ( $i =0; $i <= 1000; $i++ ) {

        $entropy = log2(365*8640000*$i*$entropy);

        }

    2. Anonymous Coward
      Flame

      Re: Stupid critics

      Deduplication requires You Mr Schmitz to have the plaintext and/or the key of all messages. Tell us how you would do it without retaining either plaintext or keys, which is equivalent.

      You WILL NOT fix this, as it is impossible. No amount of money will get that done, Kim. You are a sleazebag, a convicted criminal and you should not vent claims regarding crypto. Because your arguments will be shredded in no time.

  13. The Alpha Klutz

    crypto is intense

    i wonder how long it will take to change your password if you have gigs of data?

    i dunno because i make a habit of not forgetting my important crypto phrases but there you go....

    1. Adam 1

      Re: crypto is intense

      Your password would be used to decrypt a volume key which is used for your files. All changing your password does is to decrypt your volume key with your old password then generate a new encryption for the same volume key based upon your new password. The bits of your encrypted files don't need to change. At least that is how tools like truecrypt work.
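The key-wrapping scheme described in the reply above, as an added example that is not part of the original thread and is not Mega's or TrueCrypt's code. All function names are hypothetical, the iteration count is an assumption, and the XOR pad derived from PBKDF2 is a standard-library stand-in for a real key-wrap cipher such as AES key wrap.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example


def new_volume_key() -> bytes:
    """Random 256-bit key that actually encrypts the files."""
    return secrets.token_bytes(32)


def _derive(password: str, salt: bytes):
    """Password -> (32-byte wrapping pad, 32-byte MAC key)."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return out[:32], out[32:]


def wrap(volume_key: bytes, password: str) -> dict:
    """Build a header holding the volume key wrapped under the password."""
    salt = secrets.token_bytes(16)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap(header: dict, password: str) -> bytes:
    """Recover the volume key, rejecting a wrong password or a modified header."""
    pad, mac_key = _derive(password, header["salt"])
    expected = hmac.new(mac_key, header["salt"] + header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        raise ValueError("wrong password or corrupted header")
    return bytes(a ^ b for a, b in zip(header["wrapped"], pad))


def change_password(header: dict, old: str, new: str) -> dict:
    """Re-wrap the same volume key; file ciphertext is never touched."""
    return wrap(unwrap(header, old), new)


if __name__ == "__main__":
    vk = new_volume_key()
    h1 = wrap(vk, "old passphrase")
    h2 = change_password(h1, "old passphrase", "new passphrase")
    print("same volume key after change:", unwrap(h2, "new passphrase") == vk)
    print("header bytes rewritten      :", len(h2["salt"] + h2["wrapped"] + h2["tag"]))
```

The cost of a password change is the size of the header, not the size of the stored data. The flip side is that anyone who kept the old header and the old password can still recover the volume key, so revoking access requires a new volume key and re-encrypting the files.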

  14. Anonymous Coward

    What a moron

    Anyone who would use Mega's website deserves what they get as does he if he hosts pirated materials.

  15. Anonymous Coward
    Stop

    Shoddy Crypto - Free Crypto Advice

    If you are so incredibly stupid to believe in ANY corporation's crypto-promises, you deserve what you will get.

    As others have pointed out, "de-duping" only works across different users if they can decrypt essentially every message. This is because if they eliminate your copy and link to another user's copy, they need the (supposedly) secret key of the other user to deliver anything useful to you when you access the file. Or they need the other guy's plaintext at the time you do the uploading. So THEY will always need access to plaintext if they want to do any de-duping across users. De-duping for a single user could work if less-than perfect crypto modes (such as 3DES-ECB) were used. RC4 would ALWAYS be insecure for de-duping. Good ciphers normally use CBC for ciphers such as AES, DES, Blowfish and per-file keys for stream ciphers such as RC4.

    So - SNAKE OIL.

    Here is how you do proper crypto, with very little effort.

    1.) Get yourself a copy of GnuPG from www.gnupg.org/

    2.) To encrypt, open a command line window: Windows-Key and type cmd.exe, RETURN

    3.) run c:\path\to\gnupg\gpg --symmetric c:\file\tp\encrypt.xls

    4.) Enter the key (twice). Use a silly phrase of at least 60 characters such as "silly goats eat choclate when it is cold in mongolia and the moon is painted red". DO NOT use phrases out of books. If your opponent is a military, either use a wholly random 128 bit key (create a file full of nonsense, perform an md5 on it and use that as a key), or a key phrase of at least 384 characters (yes, one character of plaintext is about 0.3 bits of entropy !)

    5.) To decrypt, run

    c:\path\to\gnupg\gpg --decrypt c:\file\tp\encrypt.xls.gpg

    Governments don't trust sleazy businessmen and all make their crypto themselves, except for the bozos:

    http://en.wikipedia.org/wiki/Crypto_AG#Back-doored_machines

    GnuPG is available in source code, for you and the expert you hired, to inspect !

    1. Anonymous Coward
      Go

      More On Symmetric Key Generation

      I guess for most people it will be best to

      1.) open Notepad

      2.) hammer about 1000 random characters into notepad. Do NOT repeat "asdf" 250 times ! Be serious about randomness.

      3.) Save file

      4.) Perform c:\path\to\md5\md5.exe c:\path\to\gibbierish.txt

      5.) Write down the md5 checksum displayed. That will be a high-quality, 128 bit symmetric key. Unbreakable even to Yank Intel by means of "brute force" attack. Do not confuse these 128 bits with the length of asymmetric keys, which need to be longer than 1024 bits these days. 128 bit for symmetric keys is still more than good enough. 256 bit is a waste.

      6.) Put the md5 key into your purse, into the little thing you have around your neck or the like. Do NOT put it into the same thing as where you carry the USB stick with enciphered stuff.

      Here is where you get md5: http://www.fourmilab.ch/md5/

      Of course you can also get md5 and gpg from Ubuntu, cygwin and many more sources. Make sure the source is legit, though. Do NOT use the adware scammer sites.

      1. Zmodem

        Re: More On Symmetric Key Generation

        you just need to use chdir in the command, and the right || && for windows and linux, to do serverside crypto

        http://php.net/manual/en/book.exec.php
