Jump to content

Mega users: If you're hacked once, you're hacked for life


Recommended Posts

.

Mega users: If you're hacked once, you're hacked for life

Summary: Pessimists, or perhaps realists, in the security industry say that being hacked is a matter of when, not if. But if you're a Mega user, do whatever you can to make sure you're never hacked, because you can't change your password and you can't delete your account.

By Michael Lee | January 21, 2013 -- 05:09 GMT (21:09 PST)

Kim Dotcom's launch of Mega has touted the big tagline of being bigger, better, faster, stronger, and safer, but while Dotcom promises 128 bits of AES encryption and the use of 2048 bits of RSA public/private key infrastructure, I'm not too convinced about the last aspect of his sell: the safety.

Mega's security operates in a different way to a lot of other sites. Its use of public/private pair keys is a good step for ensuring that no one but the owner of the private key pair has the ability to decrypt files that are stored in its cloud service, but it appears to also be tied into the password used to set up the account.

mega-500-500x354.jpg?hash=MGVkA2LmZm&upscale=1

If you're a Mega user, do whatever you can to make sure you're never hacked, because you

can't change your password and you can't delete your account. ~ Image: Mega

Mega's site states that it is "the master encryption key to all of your data" and that "if you lose it, you lose access to all of your files that are not in a shared folder and that you have no previously exported file or folder key for." However, tying the password deeply into the encryption scheme also means that it is impossible to reset or change a user's password without throwing away the encryption keys. Combined with the current inability for users to close their account and create a new one, and users are stuck with whatever password they signed up with. Hopefully, that wasn't "password," while they figured out whether they wanted to keep using the service.

And hopefully they didn't typo it, either, because Mega doesn't ask users to type their password again to confirm during the sign-up process. (More...)

Read the complete article at: http://www.zdnet.com/mega-users-if-youre-hacked-once-youre-hacked-for-life-7000010054/

Steve

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.