intgre.blogg.se

Mega.nz megasync analysis












Then, Mega might encrypt your data using this derived key $K$. In other words, they might derive the key $K$ from your password $P$, via $K=H(P)$, where $H$ is some hash algorithm that is fairly slow - it might take 1 millisecond to compute, for example. While I don't know for certain what they are doing, my guess/hope is that they are using a slow hash function or slow KDF to derive a key from your password.

Consequently, I wouldn't use Mega for anything super-sensitive at this point in time. Cryptographers have already criticized Mega for sloppy engineering, and researchers have found a bunch of security problems, vulnerabilities, and design issues. That's irresponsible on their part, and it doesn't invite trust. They haven't published a design document that describes how their system addresses these threats.

This may be the wrong place for asking this, so please move it if appropriate. How can they do this without compromising their encryption? If my symmetric key is encrypted with my password, no matter how secure my key is, would it not still be as weak as the hashing function they use to store my password on their server? This ties into my second question: do they even store a hash of my password? I'm thinking along the lines of no, as it would weaken the encryption hugely, but Mega still needs to be able to determine if your login details are correct.

I'll leave it at this for now as that's all that is relevant to my question. This way only someone with your password can decrypt your symmetrical key and then decrypt your files. Once the client has both these, the symmetric key is encrypted with your password and uploaded to the server. It also generates a symmetric key which is used to encrypt your files and an RSA key pair to share secrets securely when files are sent to other people's "inboxes". Upon first signing up for an account you make a username and password. For a quick summary of all those in the future looking for an answer on this.

I understand how Mega's encryption works.












