Mega Uses Random Data From Your Mouse and Keyboard To Beef Up Its Already Insane Encryption (Updated)

Kim Dotcom's newly launched Mega is determined not to get screwed over by the Feds the way MegaUpload did, and the trick is encryption, lots of encryption. Mega's really going that extra mile too; it's using your random mouse and keyboard data to strengthen your crypto keys.


Cryptography relies on having complex keys to encrypt you data, and obviously those keys should be random. But if you know anything about computers, you know they're horrible at generating random numbers. They just can't do it. Instead, they'll take obscure variables like your computer's clock time, and spin those out into something pseudorandom. If somehow you can find out the variable though, it's not random at all.

Mega's taking that a step further by adding you to the equation; the way you twitch your hand on the mouse, or how you type out your username will get wrapped into your cryptokeys as well. And those are variables that are unlikely to be traced and damn near impossible to reproduce. Stuff like this isn't unheard of, but it goes a long way to show how serious Mega is about security. And that should come as no surprise since all that encryption is there to protect Mega more than it is to protect you. And with precautions like this, how could it not?

Update: On closer inspection of more skilled eyes, Mega's crypto isn't quite as sexy as advertised. In fact, there are some glaring issues in the source code. As pointed out by Cryptocat developer Nadim Kobeissi:


(Consider "old" to mean "outdated")

All that is to say, Mega's encryption strategy has some holes in it. The randomness they pull from you is actually pretty predictable, and the code actually leaves Mega open to decide whether or not they feel like enforcing encryption for any given user. Of course, it also benefits Mega to keep everything encrypted for it's own "see no evil" purposes, but it's still a shady development.


Share This Story