This seems like a reasonable analysis of the problems http://arstechnica.com/business/2013/01/megabad-a-quick-look-at-the-state-of-megas-encryption/
I was finally able to create an account but not upload anything. Obviously with all the publicity the servers are getting hammered. In addition to the weak generation of the RSA keys for the user there are mumblings about deduplication that raise serious questions. On 1/21/2013 11:14, Steve Weis wrote: > Mega is using server-side Javascript for crypto, so you're trusting > them just like you'd trust Dropbox. > > Other people have reported issues with their implementation, including > using weak randomness. I skimmed through their implementation and > found some portions that indicate they don't know what they're doing, > specifically how they're handling authenticated encryption. > > I wouldn't use Mega in it's current form. > > On Mon, Jan 21, 2013 at 4:06 AM, Sam de Silva <s...@media.com.au > <mailto:s...@media.com.au>> wrote: > > I wonder if there's any feedback from this list on Kim Dotcom's > Mega project - www.mega.co.nz <http://www.mega.co.nz> > > Can it be the secure alternative to Dropbox? > > > > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806)
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
