The new MEGA
category: offtopic [glöplog]
I can't understand how the "new Megaupload" (MEGA) denies that the company knows your encryption key if, when you ask for a download link, the site shows you the key in a window.
Do you?
Do you?
plenty of ways to abstract that away, and all of them requires you to trust them :p
maybe it's stored locally in sql? it's html5 after all...
Could be stored "locally" on my PC, but I can't see how this can't be still stored "locally" if I change PC and access their servers.
Maybe there is a clever way of doing this, but at this time I can't get it...
Not used it, but if you're logging in then your password could be used to decrypt the key - meaning your key is stored in encrypted form, and they don't know it. And your password can be stored in hash form too, meaning they don't know your key or password.
And of course, kim dotcom is totally trustable, never fucked anyone over, and never had any previous storage sites totally taken down causing lots of paying customers to lose their stuff ;)
I'd stick with sites that are more reputable. Even if you're using it for piracy.
And of course, kim dotcom is totally trustable, never fucked anyone over, and never had any previous storage sites totally taken down causing lots of paying customers to lose their stuff ;)
I'd stick with sites that are more reputable. Even if you're using it for piracy.
I wouldn't trust Kim Dotcom with a bagel let alone my files. Suck it, fatso!
From a theorical point of view, the password seems to be the encryption key. In fact the help says:
Quote:
Unfortunately, your MEGA password is not just a password - it is the master encryption key to all of your data. If you lose it, you lose access to all of your files that are not in a shared folder and that you have no previously exported file or folder key for.
(the password can't be recovered).
So, maybe the password is encrypted client-side in a non-reversible (at least, not easily) way, and sent to the server encrypted for comparison when you log-in.
Also the files may be encrypted with this password and sent to the server.
Still, when I want to download a file, I do a GET request to the MEGA servers where the key is in the URL. So, I still don't understand how the server can't "see" that key.
Your password is not among the parameters of that GET request, is it?
Then what you're seeing is probably just a hash.
If the GET key is not static, that thing might work like this:
- First registration: your browser hashes your password ( H1=hfunc(password) ), then sends H1 in the clear to MEGA. MEGA stores that value.
- The key involved in subsequent requests might be computed with key=hfunc(H1+other_stuff). As you can see, key can be computed separately by your browser and MEGA, while the latter only has to know and store H1.
Then what you're seeing is probably just a hash.
If the GET key is not static, that thing might work like this:
- First registration: your browser hashes your password ( H1=hfunc(password) ), then sends H1 in the clear to MEGA. MEGA stores that value.
- The key involved in subsequent requests might be computed with key=hfunc(H1+other_stuff). As you can see, key can be computed separately by your browser and MEGA, while the latter only has to know and store H1.
i guess Kim and his guys think this is a way to protect themselves and avoid what happened to megaupload : if someone complains (eg: DMCA) about hosting piracy or whatever they could say : "we are not responsible for this, since we don't even know what people are hosting, here is the proof : everything is encrypted, only users are actually able to decrypt or make some meaningful with these bytes..."
the internet interprets censorship as damage and routes around it.
I see only one possibility how the company might NOT know your key: If the key is sent to the server in encrypted form, and when the key was displayed on your screen this was due to a local script (e.g. a javascript) that decrypted your key on your local PC, but did not send the decrypted key anywhere.
I wouldn't trust that the company really doesn't know your key.
I wouldn't trust that the company really doesn't know your key.
*likes okkie's comment* :)
I'd trust Dotcom to the end of the world.
After all, he's German, and who would have any reason to distrust/dislike those cute little Germans?
After all, he's German, and who would have any reason to distrust/dislike those cute little Germans?
Yeah, and he hacked nasa, fbi, telekom AND invented blueboxing, so he must be genious!
and he's also half finnish!
whatever asshole he might be, atleast he has courage.
v3nom: heard of the term Ubermut (= overly courageous)? but then, i think he knows exactly what he's doing and there is no way in hell he would've come free without some kind of deal, if you remember how unjust the piratebay founders like peter sunde are treated.
also: MEGA is too close to GEMA for my taste
v3nom: a courageous piece of shit is still a piece of shit.
Like we were saying: http://www.theregister.co.uk/2013/01/22/megaupload/
Hahaha, once a snitch, always a snitch.
Haha, what a terrible human being and company! Fuck them forever.
okkie: sure, he betrayed other warez-guys back in the mailboxing days already, no wonder he does it again. he's reckless to the bone.. like a super-villian.
...and he certainly looks the part, too!
"insider trading" is the most boring super-villain-power ever.