Dotcom Offers €10,000 to Potential Code Crackers

The Wooster

King Snap
Jul 15, 2008
15,305
0
0
Dotcom Offers €10,000 to Potential Code Crackers

Crack Mega's cryptography to win yourself ten grand.

You've almost got to admire Megaupload founder, Kim Dotcom's, sheer talent for ballsy showboating. Having enraged copyright proponents across the globe, Dotcom seems intent to caper about the internet, thumbing his nose at the entertainment industry and the FBI like some kind of rotund jester. His latest venture, a cloud-based file-sharing service born from the carcass of Megaupload - simply titled "Mega" - has been met with criticism from security experts and copyright warriors alike. Dotcom's response? A challenge.

:#Mega's open source encryption remains unbroken! We'll offer 10,000 EURO to anyone who can break it. Expect a blog post today," Dotcom tweeted earlier today. [https://twitter.com/KimDotcom/status/297173196166295554]

Mega's security is unorthodox. Everything a user uploads is encrypted before it leaves their browser, using a master key that can be unlocked by a password known only to the user. In other words, Mega can't tell what the user is uploading. Critics argue that the system isn't so much about protecting the user's information as it is about providing Mega's operators with plausible deniability when it comes to copyright-infringing files.

But the system has also come under fire from security experts. The number-crunchers argue that the encryption system's random number generation isn't up to snuff, and that the cryptographic hashes could be cracked using dictionary-based attacks. Dotcom obviously believes otherwise.

Honestly, I'm not sure who I'm rooting for here. On one hand, it'd be wonderful to see Dotcom eat crow and have to hand out ten Gs to some random cryptanalyst. On the other, the file-sharing baron's antics do tend to whip MPAA-types into frothing fits of rage, and I'd be lying if I said that doesn't keep me warm at night.

Source: The Register [http://www.theregister.co.uk/2013/02/01/mega_crypto_break_bounty/]


Permalink
 

The Wooster

King Snap
Jul 15, 2008
15,305
0
0
http://i0.kym-cdn.com/photos/images/newsfeed/000/293/590/6f6.gif
Though I am disappointed that he specified "Potential Code Crackers". Black people know how to use computers too Dotcom!
 

Therumancer

Citation Needed
Nov 28, 2007
9,909
0
0
Well, I think it's kind of hilarious since the idea of the encryption seems to be deniability rather than functionality. The idea being that some pirate or whatever would put the decryption code right there in the comments or whatever so people could receive the file. Kim of course being able to blame people's "poor security habits", claim it would be unethical to use those keys himself, or simply claim too much traffic to investigate every file with an unlock code.

It will be interesting to see what happens, and how exactly this system will wind up being user friendly to pirates, which is what copyright defenders are getting at.
 

webkilla

New member
Feb 2, 2011
594
0
0
AFAIK it's not the first company to make a similar challenge - although from what I know they rarely make it this public, and the reward is more often a temporary gig as a security consultant to patch up the hole they've found
 

weirdee

Swamp Weather Balloon Gas
Apr 11, 2011
2,634
0
0
tbh this is easier than hiring tons of security experts to test your stuff, just wait until somebody get the job done, then pay that person, if it doesn't happen, then nothing is lost
 

LordMonty

Badgerlord
Jul 2, 2008
570
0
0
Its funny and tbh its a clever man taking the piss, as long as he's not hurting anyone bar the big corps I don't think it'll ever matter.
 

gigastar

Insert one-liner here.
Sep 13, 2010
4,419
0
0
So hes just issued a challenge to the internet.

Id give it a few days at least. No more than 2 weeks.
 

The Wooster

King Snap
Jul 15, 2008
15,305
0
0
weirdguy said:
tbh this is easier than hiring tons of security experts to test your stuff, just wait until somebody get the job done, then pay that person, if it doesn't happen, then nothing is lost
Yeah. 10k euros is probably how much one security "expert" will charge per hour...
 

ScaryAlmond

New member
Sep 12, 2011
188
0
0
Actually a pretty good strategy for Kim it's a win either way
One way his security is robust enough that noone hacks into it
On the other hand if there are a range of security flaws he is able to learn about them directly and is able to patch his software to improve it.
While the latter is obviously a lesser win for him it is a good strategy because a security flaw he doesn't hear about could cost him alot more than $10'000.
 

Dogstile

New member
Jan 17, 2009
5,093
0
0
gigastar said:
So hes just issued a challenge to the internet.

Id give it a few days at least. No more than 2 weeks.
Didn't Valve do that and it's still going with the whole steam guard thing? Internet isn't that all knowing. Then again, this does actually seem to be a bit more breakable, but the man's idea is pretty sound either way. If it breaks, he fixes it and he's covered. If not, reputation for being awesome is gained.

Oh it does make me feel happy that people are so against his websites. Do these people have the same sort of rage against dropbox?

Edit: Honestly though, it's saddening that he's even needed to resort to a "look, we can't even see what's in the fucking file, are you happy now?" system in response to the absolutely ridiculous idea that they should police every single file on that site.
 

Abomination

New member
Dec 17, 2012
2,939
0
0
I'm a big fan of Kim. He's sort of a cannibal in how he is turning on those which he belongs to the same group - mega millionaires - but he's on my side in that fight.

As always, business is most successful when it innovates and develops unorthodox approaches to traditional, predictive problem solving. Kim's turning his nose up at the traditional method, insulting those who employ it and making millions in the process.
 

Athinira

New member
Jan 25, 2010
804
0
0
Breaking the cryptographic hashes is not necessarily going to earn you those 10k. The cryptographic hash is derived from the users password they provide when they create an account, and since Mega can't be responsible for the user choosing a weak password (in fact, there is no security system that can make up for that effectively. Hash iteration is a possibility, but costs huge amounts of CPU).

With that said, security experts have criticized the hashing-algorithm itself that they use at Mega. If you can prove to them that you can break a very complicated password in a relatively short time, it might be enough to net you the money.
 

The Wooster

King Snap
Jul 15, 2008
15,305
0
0
How could ANY modern day encryption not be secure enough?

I mean, last I checked, even law enforcement agencies were entirely unable to crack truecrypt
 

MeChaNiZ3D

New member
Aug 30, 2011
3,104
0
0
That'd look good on a resumé. Credentials sir? Well, I cracked Mega's encryption and there's the car I bought with the money.

Honestly though, that song is just the worst most uninspired crap I've ever seen.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
This guy is quickly becoming my personal hero. Not because he's a pirate, he's just got the biggest balls ever. This guy gets in trouble for his site being pirate central... so what does he do? Why, he sets up a website to be an even BIGGER file-sharing HQ but now with the largest built in plausible deniability setup this side of anything ever.

He knows what he wants to do for the rest of his life and those in charge are going to keep putting nonsense out there to stop him. But does that stop him? No sir! He just gets clever. And if he gets in trouble? No sir! He'll just do it again... BIGGER AND BETTER than before! And when they get obviously unjust in their pursuit of him? No sir! He flips the ruling judge a freedom bird and start trolling.

Edit: I mean, hell, at the launch party of his new file-sharing company - featuring conch-shell music and large men in loin-cloths - he staged a mock raid aimed at making fun of those who arrested him for doing the very thing he was doing again... WHILE ON BAIL!
 

Entitled

New member
Aug 27, 2012
1,254
0
0
Pebkio said:
This guy is quickly becoming my personal hero. Not because he's a pirate, he's just got the biggest balls ever. This guy gets in trouble for his site being pirate central... so what does he do? Why, he sets up a website to be an even BIGGER file-sharing HQ but now with the largest built in plausible deniability setup this side of anything ever.
This. Also, he is my hero because even though he already made enough profit from Megaupload that he could have lived the rest of his life in a palace built out of money bricks without ever doing anything else, yet he CHOSE TO continue sticking it to the man even at the risk of getting arrested again.

Copyright apologists would always love to apply their own amorality to everyone else, how supposedly everyone is in it for the money only, but it all falls apart when people like him, or the Piratebay crew, are showing this kind of determination when the only extra benefit from going on is that they can continue to support their ideology.