Kim’s Dotcom’s new site Mega has been launched. One of the major change made is to the policy. This is how Mega site works
- Register in Mega & get yourself a account.
- You upload a file which might be video, text, or whatever.
- Uploaded file is encrypted using a secret key & encrypted file is stored in the Mega Server.
- That secret key is available only to user who uploaded the file, i.e) not even the mega server or staffs in mega knows your secret key.
- So, when some illegal files are found, then FBI Anti-Piracy or Department of justice approach mega to enquire about file but Mega doesn’t even know what file you have uploaded.
- Only way to open & see that uploaded file is decrypting by using correct secret key.
- Kim Dotcom had put out a bounty of €10,000 to anyone who can successfully break into their secured system.
- You know how to crack this system ?? Go ahead & crack the system & claim your reward.
MORE READ BELOW:
The challenge, which was announced through the site’s blog, was launched in response to a number of security concerns, particularly surrounding Mega’s use of encryption.
Just days after going live, the site was chastised by cryptographers for using what they allege were flimsy security protocols and making nonsensical claims.
A tool was also set up by security researcher Steve Thomas that can extract users’ passwords from the account confirmation email sent by Mega at the time of signup.
Mega first responded with a blog claiming it was “not too impressed with the results [of attempts to dismantle its crypto architecture]”, but on 2 February issued the new bug identification challenge with financial incentives.
The organisation has outlined several qualifying types of bug: remote execution code of any of its servers or on any client browser, and any issue that breaks Mega’s cryptographic security model.
There are also four special scenarios: compromising a static CDN node, compromising a user storage node, compromising core infrastructure or, for the top prize, using brute force to decrypt a published file or to send the password encoded in a published signup confirmation link.
Mega said the challenge has been issued to improve its security, but Thomas claims it is a bluff.
At the top of the page hosting his MegaCracker tool, Thomas has left a message that states: “If you are here to crack Mega’s confirmation link challenge, you should know that it will cost more in energy usage than they will pay you. Since they only gave the link so that they could say ‘see no one can crack this’.
“**IF** it is even remotely crackable, it is a sentence or at least eight random words. My guess is it is output from /dev/urandom or someone smacking the keyboard for a minute.”
Any way to break into this system ?? Leave your ideas in comments. !!