Crack Mega’s cryptography to win yourself ten grand.
You’ve almost got to admire Megaupload founder, Kim Dotcom’s, sheer talent for ballsy showboating. Having enraged copyright proponents across the globe, Dotcom seems intent to caper about the internet, thumbing his nose at the entertainment industry and the FBI like some kind of rotund jester. His latest venture, a cloud-based file-sharing service born from the carcass of Megaupload – simply titled “Mega” – has been met with criticism from security experts and copyright warriors alike. Dotcom’s response? A challenge.
:#Mega’s open source encryption remains unbroken! We’ll offer 10,000 EURO to anyone who can break it. Expect a blog post today,” Dotcom tweeted earlier today.
Mega’s security is unorthodox. Everything a user uploads is encrypted before it leaves their browser, using a master key that can be unlocked by a password known only to the user. In other words, Mega can’t tell what the user is uploading. Critics argue that the system isn’t so much about protecting the user’s information as it is about providing Mega’s operators with plausible deniability when it comes to copyright-infringing files.
But the system has also come under fire from security experts. The number-crunchers argue that the encryption system’s random number generation isn’t up to snuff, and that the cryptographic hashes could be cracked using dictionary-based attacks. Dotcom obviously believes otherwise.
Honestly, I’m not sure who I’m rooting for here. On one hand, it’d be wonderful to see Dotcom eat crow and have to hand out ten Gs to some random cryptanalyst. On the other, the file-sharing baron’s antics do tend to whip MPAA-types into frothing fits of rage, and I’d be lying if I said that doesn’t keep me warm at night.
Source: The Register