34 
Kim Dotcom’s newly launched Mega is determined not to get screwed over by the rozzers the way MegaUpload did, and the trick is encryption, lots of encryption. Mega’s really going that extra mile too: it’s using your random mouse and keyboard data to strengthen your crypto keys.
Cryptography relies on having complex keys to encrypt you data, and obviously those keys should be random. But if you know anything about computers, you know they’re horrible at generating random numbers. They just can’t do it. Instead, they’ll take obscure variables like your computer’s clock time, and spin those out into something pseudorandom. If somehow you can find out the variable though, it’s not random at all.
Mega’s taking that a step further by adding you to the equation; the way you twitch your hand on the mouse, or how you type out your username will get wrapped into your cryptokeys as well. And those are variables that are unlikely to be traced and damn near impossible to reproduce. Stuff like this isn’t unheard of, but it goes a long way to show how serious Mega is about security. And that should come as no surprise since all that encryption is there to protect Mega more than it is to protect you. And with precautions like this, how could it not?
How Mega's Encryption Will Protect You, But Mostly Kim Dotcom
Kim Dotcom's Offering a Cash Reward If You Can Smash Mega's Encryption
Do You Use Encryption?
If MEGA is so super encrypted, and the key is generated and stored on the client side, then either:
- the key has to be shared in order to share the file, for public sharing there is no point in encryption (other than a legal mechanism)
- files are not meant to be publicly shared
Either way, given that the key resides on client side, how is that key shared with the intended audience? what is the mechanism? email? instant message? isn’t this a bit cumbersome?
also, in order to maintain security the mechanism that a key is “shared” needs to be just as secure as the key itself. So is there any real point in this encryption, or is it purely for legal reasons?
Given the rationale that the keys can be freely (or at least less securely) shared, then does the whole encryption legal argument fall flat on its face?
is this all just a means to tie up and draw out legal arguments in technical detail which lawyers and judges don’t fully understand and can’t effectively argue without a degree in crypto?
decryption is only for mega owner, so he can always claim that he doesn’t know what are people uploading. Keys will be flying left, right and center.
I saw this & thought it was some kind of joke.
Thank you for explaining it
The related articles look like they are though!
Unix does the same and records mouse and key presses and keeps them in a special file that is used for random information.
Is anyone else having trouble accessing the site? My IP is sky, but I’m using Google’s DNS.. I just get an ‘Oops, google chrome could not connect..’