Private encryption has always been the cornerstone of how MEGA presents itself to customers. This isn’t surprising, because private encryption not only improves the privacy of user data, it also serves as plausible deniability with regard to copyright infringement, which was the bane of MEGA’s predecessor, Megaupload.

It’s doubly troubling for MEGA, then, that researchers have identified cryptographic flaws in its architecture, potentially allowing a malicious service provider (i.e. someone in control of MEGA’s infrastructure) to retrieve a user’s master key and use it to decrypt user data stored on the servers. Furthermore, the same attack would allow the attacker to insert chosen files into the user’s file storage, which would look identical to ones uploaded by the user themselves.

Stay with us as we unpack what this means for users and for the future of MEGA.

Yes, regardless of this vulnerability, MEGA’s encryption is still end-to-end.

The security flaw revolves around how MEGA’s RSA encryption mechanism handles attempts to access a user’s private key, which is stored in an encrypted form on MEGA’s servers. By breaking the encrypted private key, an internal MEGA attacker could narrow down the possible keys with each login attempt. After enough successful logins - 512 to be exact - an attacker could be left with the real one.

For a more technical explanation, the authors of the paper describe on their website: The flaw is specifically related to the lack of integrity protection.
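
The missing integrity protection described above, as an added example (not MEGA's code and not from the paper): a server-stored key blob wrapped with unauthenticated AES-CTR decrypts to a silently altered key after a one-bit change, while AES-GCM rejects the same change. The cipher modes, function names and sample values are assumptions chosen for illustration; the page does not say which mode MEGA uses.

```javascript
// Added example: all names and sample values are constructed, not MEGA's code.
const nodeCrypto = require('node:crypto');

// Password-derived wrapping key (scrypt defaults, illustrative parameters).
const deriveKey = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// Weak form: AES-256-CTR is confidentiality only, nothing detects modification.
function wrapPlain(key, data) {
  const iv = nodeCrypto.randomBytes(16);
  const c = nodeCrypto.createCipheriv('aes-256-ctr', key, iv);
  return { iv, ct: Buffer.concat([c.update(data), c.final()]) };
}
function unwrapPlain(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-ctr', key, blob.iv);
  return Buffer.concat([d.update(blob.ct), d.final()]);
}

// Hardened form: AES-256-GCM, with the account id bound in as associated data.
function wrapSealed(key, data, userId) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(userId));
  const ct = Buffer.concat([c.update(data), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unwrapSealed(key, blob, userId) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  d.setAAD(Buffer.from(userId));
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.ct), d.final()]); // final() throws on a bad tag
}

// Stand-in for a provider altering the stored blob: one flipped bit.
function tamper(blob) {
  const ct = Buffer.from(blob.ct);
  ct[0] ^= 0x01;
  return { ...blob, ct };
}

function demo() {
  const key = deriveKey('constructed-password', Buffer.from('constructed-salt'));
  const secret = Buffer.from('constructed stand-in for private key bytes');
  const altered = unwrapPlain(key, tamper(wrapPlain(key, secret)));
  let rejected = false;
  try { unwrapSealed(key, tamper(wrapSealed(key, secret, 'user-1')), 'user-1'); }
  catch (err) { rejected = true; }
  return { silentlyAltered: !altered.equals(secret), rejected };
}
console.log(demo());
```

A client that refuses to use a blob failing the tag check never performs a private-key operation with server-modified key material.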