STE WILLIAMS

Rotund Mega baron Dotcom offers bounty for breaking his crypto

Kim Dotcom is offering a prize of € 10,000 ($13,600) for anyone who can break the cryptography of Mega, his recently launched cloud-based storage site.

Mega’s launch last month was meet by criticism from multiple security researchers. Everything a user uploads is encrypted before it leaves their browser, using a master key that can be unlocked by a password only known to the punter. The failure to use a good source of random number generation in coming up with user passwords, the lack of account recovery options – or even the ability to change passwords – as well as the possibility of cracking the cryptographic hashes using dictionary-based attacks all became targets of criticism. The strength of the SSL certificate used on one of the main Mega servers also became an issue.

In response, Mega published a blog post designed to reassure users that all was well. It has since introduced the ability to change passwords and a password reset capability.

All this has failed to placate some critics, who argue that Mega’s unconventional cryptography system was more suited to providing it with plausible deniability over the use of the site to share pirated content than an effective means of safeguarding user privacy.

The fat controller himself responded to this ongoing criticism on Friday by making good on an earlier promise to offer a bounty to anyone who breaks the site cryptography.

“‪#Mega‬’s open source encryption remains unbroken! We’ll offer 10,000 EURO to anyone who can break it. Expect a blog post today,” Dotcom said in a Twitter update.

Further details are yet to appear on Mega’s blog. Prizes for hacking into things are all good clean fun but don’t actually prove a system is secure, of course. It just shows nobody has found a bug as yet, or they’ve found something but don’t want to go public on the discovery or that they’re holding out for a bigger prize.

In other Mega news, the file locker service has begun blocking third-party search engines from indexing publicly available files shared by Mega users. One such third-party service, Mega-Search.em, turned Mega into a source of pirated content. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/mega_crypto_break_bounty/

  • 01/02/2013
  • adm
Comments are closed.