Is Mega handing encryption keys to users to protect itself from future legal problems?
Security experts have found a host of security vulnerabilities in Kim Dotcom’s new online storage venture Mega, but many suspect his claims of tough data protection were only a smokescreen to distract attention by law enforcement agencies.
Mega, a follow-up to Dotcom’s Megaupload service shut down by law enforcement, launched on Sunday. Its founder boasted it was “the privacy company”, offering 50GB of free online storage to every user and blanket encryption across the site.
Yet many potential security vulnerabilities have been highlighted by the community, including flawed encryption key handling, a cross-site scripting hole and problematic claims surrounding deduplication.
The SSL encryption being used on some Mega domains appears to be 1024-bit encryption, which can be broken with far greater ease than 2048-bit encryption – viewed as best-practice amongst experts. At least one of Mega’s sites uses only 1024-bit encryption to “reduce CPU load”, although Mega.co.nz uses 2048-bit.
Furthermore, if a hacker gained control of the Mega server they could either just turn off the encryption or get hold of the private key to decrypt users’ files. Even though Mega says it doesn’t hold the keys, Mega admins could get hold of them, as it would only take a minor code change on Mega’s servers to access those keys.
Some are concerned US law enforcement agencies, who are already trying to extradite Kim Dotcom over Megaupload’s alleged support for copyright infringement, will simply order Mega to hand over the keys.
“I can imagine the FBI are typing up their warrant as I type requiring the keys to be collected and the content of the servers to be analysed,” Woodward told TechWeekEurope.
Deduplication is another problematic issue. As was seen with Nokia recently, deduplication of encrypted data requires that information to be decrypted, repackaged and then encrypted again. The case of Mega is different, as it claims it can identify duplicated files, hinting the content may not be entirely secret.
According to Mega’s co-founder Bram van der Kolk, speaking to Forbes, it is looking at the entire encrypted file. So if a user uploads the same file encrypted with the same key twice, or if a copied file from a file manager is uploaded, one of those duplicate files will be deleted.
Despite the numerous security issues, many have questioned whether Mega isn’t simply boasting about its security to protect itself from law enforcement action. If it does not own the keys, and does not access user data, it will be oblivious to the legality of content uploaded to Mega.
“I think Mega is using encryption not for the security of their users but their own personal legal protection,” Woodward added.
“I cannot imagine anyone who understands encryption would trust their precious data to Mega’s scheme as it currently stands. It would appear that Mega is after people who are looking for somewhere to store their data with a provider who wishes to adopt a position of ‘see no evil’.”
The password problem remains both a security and usability issue, but Mega has promised to let users reset passwords soon. Currently, if they forget their password, they can wave goodbye to their files, regardless of the level of encryption.
UPDATE: Co-founder of Mega, Bram ven der Kolk, promised TechWeekEurope an update from Mega on the issues and has delivered in a company blog.
He confirmed the user password is used to create the master AES-128 master encryption key, which is held on Mega servers, which in turn unlocks private keys and the user’s content. This means Mega could indeed be ordered to find keys and then open up user content.
It also means that the lack of password reset is a big problem – if you forget your password you will have lost the key, meaning even if you got a new password, it wouldn’t recover your files. But van der Kolk has promised some changes.
“A password change feature will re-encrypt the master key with your new password and update it on our servers,” he explained. “A password reset mechanism will allow you to log back into your account, with all files being unreadable.
“Now, if you have any pre-exported file keys, you can import them to regain access to those files. On top of that, you could ask your share peers to send you the share-specific keys, but that’s it – the remainder of your data appears as binary garbage until you remember your password.”
How well do you know Internet security? Try our quiz and find out!