Dotcom Offers €10,000 to Potential Code Crackers

Fayathon

Professional Lurker
Nov 18, 2009
I hope that this lasts long enough to make the RIAA and MPAA sweat some, then when it does get cracked he ups the security, thanks the cracker, and continues pissing everyone off. Dotcom's got swagger to spare in the online game, and I love it.
 

Athinira

New member
Jan 25, 2010
bringer of illumination said:
> How could ANY modern day encryption not be secure enough?
>
> I mean, last I checked, even law enforcement agencies were entirely unable to crack TrueCrypt

Because even if encryption is easy, key management is hard.

And key management especially becomes hard once you start making requirements to the system. In the case of Mega, the system not only has to be able to store your files. It also needs to let OTHER users download those files through a special download URL which includes a key (without those users knowing your password). Not only does the data have to be securely transmitted over the internet, but it has to be available on a wide range of computers which can provide the correct information for decryption/download (which forces some of the key storage to take place on Mega's servers, which can be seized by the FBI).

Also, since it is browser-based, the platform can have some problems. JavaScript, which is the system they use for the encryption, might be limited in how well it generates random numbers, which is important for how secure the encryption is (if you can break an RNG, you can break the encryption), and might also be limited in how it can gather entropy (used to make the RNG more secure/random).

Compare that with TrueCrypt, which has the freedom to implement any RNG system it likes, and only has one basic functional requirement (encrypt/decrypt stuff for anyone who knows the password and/or has the correct keyfiles), and which can store the (encrypted) keys locally on the partition or in the container that is encrypted. The latter is much easier to secure, and even then TrueCrypt actually has weaknesses (more specifically, the Evil Maid [http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html] attack).

This, btw, is one of the reasons that the US military doesn't encrypt the video streams from Predator Drones, even though it allows terrorists/enemies to watch the video as well. The failure properties of terrorists watching the videos are far less severe than the problems that arise from the key management for the video streams (imagine ground soldiers in the field not being able to get critical intel from the stream because of a key management failure, or the drone not being able to be deployed because the keys aren't in place at the base that needs to watch the streams, and if we want our allies to watch the streams, we suddenly have to start sharing our keys with them).

Edit: One final thing I wanted to add is that once you start a service like this where the company (Mega) has very limited information about what you're doing (since most of the stuff, including much of the information about the files, is encrypted from the user's end), the service becomes harder to change. It becomes more difficult to add, remove or change features because you can't modify encrypted information without the keys. As an example, initially you couldn't change or reset your PW, although they fixed that problem now (mostly. You can't reset your PW if you aren't logged in and forgot it, you can only reset it if you ARE logged in through the 'remember me' feature, but forgot the PW).
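
The key-handling problem described in the post above, sketched as an added example that is not part of the original thread and is not Mega's actual code or scheme. Assumptions: the host `files.example`, the `#!id!key` link layout, the PBKDF2 parameters, and the HMAC-derived XOR mask (a stand-in for a real key-wrap cipher such as AES key wrap, with no integrity check) are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def master_key(password: str, salt: bytes) -> bytes:
    """Client-side: derive the account master key; the server never sees it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ROUNDS, dklen=16)


def wrap(master: bytes, file_id: str, file_key: bytes) -> bytes:
    """Mask a file key under the master key (stand-in for AES key wrap).

    XOR with a per-file HMAC pad is its own inverse, so this also unwraps.
    """
    pad = hmac.new(master, file_id.encode(), hashlib.sha256).digest()[:16]
    return bytes(a ^ b for a, b in zip(file_key, pad))


def upload(password: str, salt: bytes, file_id: str):
    """Return (file_key, record the server stores, share link)."""
    file_key = secrets.token_bytes(16)  # per-file key from the OS CSPRNG
    record = {"file_id": file_id, "salt": salt,
              "wrapped_key": wrap(master_key(password, salt), file_id, file_key)}
    frag = base64.urlsafe_b64encode(file_key).rstrip(b"=").decode()
    # The key rides in the URL fragment, which browsers do not send to the server.
    return file_key, record, f"https://files.example/#!{file_id}!{frag}"


def key_from_link(link: str) -> bytes:
    """Recipient: recover the file key from the link alone, no password."""
    frag = link.rsplit("!", 1)[1]
    return base64.urlsafe_b64decode(frag + "=" * (-len(frag) % 4))


def key_from_password(password: str, record: dict) -> bytes:
    """Owner: recover the file key from the server record plus the password."""
    return wrap(master_key(password, record["salt"]),
                record["file_id"], record["wrapped_key"])
```

A record taken from the server holds only the wrapped key, while anyone holding the link holds the file key itself. Deriving a master key from a different password yields a different file key, which is why a password reset without the old key leaves stored files unreadable in this model.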
 

DjinnFor

New member
Nov 20, 2009
gigastar said:
> So he's just issued a challenge to the internet.
>
> I'd give it a few days at least. No more than 2 weeks.

I know nothing about the details of Mega's encryption process but I know for a fact there exists encryption such that you could never crack them in a million years using modern technology and know-how. So saying "few days, no more than 2 weeks" solely off of "he challenged the interwebz" is pretty ignorant.

See, there's only really two ways to crack something: either use Brute force and guess the key via dumb luck, or try to reverse engineer the key-generating formula so that you can obtain the key for any encrypted file. The first is impractical if the size of the key is long enough and the key generation is perfectly random, and the second can be made to be impossible (well, given our current knowledge of the subject).

From the information given it sounds like the key generating software isn't fully 100% randomized. The article mentions Dictionary cracking and that's a variation of Brute Force where you start with common passwords first; since we're talking keys here, not passwords, it may mean that the key generator is biased towards generating certain kinds of key patterns.
 

SextusMaximus

Nightingale Assassin
May 20, 2009
Slightly in love with this guy. Balls of steel.

Apparently upon the birth of his twins, he had the placenta sent to the FBI to check there was no pirate DNA. What a guy.

http://torrentfreak.com/kim-dotcom-becomes-proud-dad-of-twin-girls-120325/
 

Strazdas

Robots will replace your job
May 28, 2011
weirdguy said:
> tbh this is easier than hiring tons of security experts to test your stuff, just wait until somebody gets the job done, then pay that person, if it doesn't happen, then nothing is lost

Yes. There is a reason why the FBI hires people that manage to hack into their servers. Those people are obviously very good at it and can protect against hackers like themselves.

Pebkio said:
> This guy is quickly becoming my personal hero. Not because he's a pirate, he's just got the biggest balls ever. This guy gets in trouble for his site being pirate central... so what does he do? Why, he sets up a website to be an even BIGGER file-sharing HQ but now with the largest built in plausible deniability setup this side of anything ever.

You are aware that the MAIN reason for the raid on Megaupload HQ were charges of money fraud and piracy was just a secondary charge?
 

Sansha

There's a principle in business
Nov 16, 2008
I love Dotcom. No matter what happens, he doesn't give a shit what anyone thinks of him. Before he got rich, he was just a power-tripping overweight nerd, and he's still true to that, only with shit-tons of cash and encouraging followers.

Go Dotcom go!
 

Pebkio

The Purple Mage
Nov 9, 2009
Strazdas said:
> You are aware that the MAIN reason for the raid on Megaupload HQ were charges of money fraud and piracy was just a secondary charge?

O...kay? I'm not finding that on any actual reports, but yes, I've heard the nonsensical claim that the raid on all the Megaupload equipment was because the owner of that Limited Liability company was charged with a crime. However, did YOU know that most of the charges filed against him involve copyright infringement anyway? And that three others employed by Megaupload Limited were arrested same as him all for the same crime?

Still, I'm not finding anything official about the money-fraud thing. Perhaps you'd like to share the source you're using for your information? According to Reuters: "They were originally charged with five counts of conspiracy and copyright infringement." In fact, go read the year-old article right here [http://www.reuters.com/article/2012/02/17/us-usa-crime-megaupload-idUSTRE81G21Y20120217].

And after some digging I found that New Zealand judge Justice Helen Winkelmann reported that "They were general warrants..." as in, no specific charges listed within the search warrants. Also, they used only the SEARCH warrants to justify a 70-officer-raid to arrest four men.

So yeah, he's still got some real brass and I'm rooting for him.
 

Strazdas

Robots will replace your job
May 28, 2011
Pebkio said:
> Strazdas said:
> > You are aware that the MAIN reason for the raid on Megaupload HQ were charges of money fraud and piracy was just a secondary charge?
>
> O...kay? I'm not finding that on any actual reports, but yes, I've heard the nonsensical claim that the raid on all the Megaupload equipment was because the owner of that Limited Liability company was charged with a crime. However, did YOU know that most of the charges filed against him involve copyright infringement anyway? And that three others employed by Megaupload Limited were arrested same as him all for the same crime?
>
> Still, I'm not finding anything official about the money-fraud thing. Perhaps you'd like to share the source you're using for your information?
> And after some digging I found that New Zealand judge Justice Helen Winkelmann reported that "They were general warrants..." as in, no specific charges listed within the search warrants. Also, they used only the SEARCH warrants to justify a 70-officer-raid to arrest four men.
>
> So yeah, he's still got some real brass and I'm rooting for him.

Go read the Escapist Magazine article on it [http://www.escapistmagazine.com/news/view/115362-UPDATE-Feds-Take-Down-Megaupload]
"racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering and two substantive counts of criminal copyright infringement."
Oh, and I'm not saying he's some evil person, I think the raid was unjustified and they should have not done it.

Captcha: ball of confusion.
It knows, it always knows.
 

Awexsome

Were it so easy
Mar 25, 2009
> Critics argue that the system isn't so much about protecting the user's information as it is about providing Mega's operators with plausible deniability when it comes to copyright-infringing files.

Was there honestly any real question to that? It's 100% the reason why.

All Dotcom's about is making the most money he can out of every technicality and loophole in copyright law or just by straight up breaking it discreetly. Nobody should be on this fucker's side. Even those who heavily criticize the different governments over their handling of file-sharing business HAVE to see that this guy only reinforces their hardest positions. This guy gives everyone online a bad name and image.

Therumancer said:
> It will be interesting to see what happens, and how exactly this system will wind up being user friendly to pirates, which is what copyright defenders are getting at.

Well it's because it's exactly what Dotcom is aiming for in the first place. Advocation and enabling of piracy is his main agenda since it made and continues to make the most money for him.
 

evilneko

Fall in line!
Jun 16, 2011
Therumancer said:
> Well, I think it's kind of hilarious since the idea of the encryption seems to be deniability rather than functionality. The idea being that some pirate or whatever would put the decryption code right there in the comments or whatever so people could receive the file. Kim of course being able to blame people's "poor security habits", claim it would be unethical to use those keys himself, or simply claim too much traffic to investigate every file with an unlock code.
>
> It will be interesting to see what happens, and how exactly this system will wind up being user friendly to pirates, which is what copyright defenders are getting at.

Trouble is, as has already been demonstrated, Mega just removes the files anyway. They don't know if the takedown request is legit or not, they don't and can't try to verify it, they just take it down.

Not very useful for pirates.