The Security of the Mega File-Sharing Service

Ever since the launch of Kim Dotcom's file-sharing service, I have been asked about the unorthodox encryption and security system.

I have not reviewed it, and don't have an opinion. All I know is what I read: this, this, this, this, and this.

Please add other links in the comments.

EDITED TO ADD (1/24): Also this.

Posted on January 23, 2013 at 12:55 PM • 25 Comments

Comments

Clive Robinson • January 23, 2013 1:33 PM

Reading between the lines I would say that the encryption is not there for the security of the data or its owners, it's only there to stop the site owner getting prosecuted.

As I understand it the site owner is currently facing extradition proceedings to the U.S. on what are essentially charges relating to the copying and distribution of copyright protected material.

The site owner's argument appears to be, if the site owner cannot tell if the files contain copyright protected material then he cannot be held liable.

I suspect he will find that he has misjudged our legal brethren. As far as I can tell unless he gets acknowledged "common carrier" status then copyright holders can still go after him for civil damages as a minimum.

Also he may also be in breach of his bail conditions currently, so he could have already sailed too close to the wind as it were.

robin • January 23, 2013 1:50 PM

I don't think they care about security of files, it's just to bypass laws, as people just upload movie files on it like Megaupload...

Michael • January 23, 2013 2:08 PM

There have been a lot of misunderstandings concerning the encryption model of Mega. I recommend reading their latest blog post about this topic. Also note that it is still considered as "under development" and everybody is free to contribute, as it is open source.

Furthermore Kim Dotcom is not in breach of his bail conditions, as has been stated by his lawyers during the Mega launch press conference.

BC • January 23, 2013 3:00 PM

"Reading between the lines I would say that the encryption is not there for the security of the data or its owners, it's only there to stop the site owner getting prosecuted"

Now all we need is an answer why services like Youtube don't need to do this.

wumpus • January 23, 2013 3:21 PM

@BC because the provisions in the DMCP safe harbor provisions state "sufficiently large corporations can ignore piracy prosecutions as long as they obey every robo-signed take down notice".

Just to point out the obvious, this appears to have all the "security" of ECB mode encryption (pretty much inherent in any deduplication scheme). In other words, once you download or otherwise locate a file of illegal (or otherwise censorable) speech, encryption is no longer stopping you from finding every other bitwise identical copy of that file.

Bruce Clement • January 23, 2013 3:23 PM

@Clive Robinson

"As I understand it the site owner is currently facing extradition proceedings to the U.S."

According to the Companies Office records, Kim Dotcom isn't the owner of Mega Limited: (Information from there on Mega Limited)


  • It was incorporated on 29 Nov 2012 [1]

  • It has three directors: Kim DOTCOM, Antonio Frank LENTINO and Mathias ORTMANN. [2]

  • Has two shareholders: MD CORPORATE TRUSTEE LIMITED 87,000 shares and INSTRA GROUP HOLDINGS LIMITED 10,000 shares.[3]

  • MD CORPORATE TRUSTEE LIMITED has one shareholder Mona Verga DOTCOM [4] who is also the only director [5]

This makes Kim effectively an employee.

"he may also be in breach of his bail conditions"

Possibly, but bail conditions never seem to be taken seriously in this country so if he is breaching them he's just following what seems, unfortunately, to be the kiwi way.

Clive Robinson • January 23, 2013 4:29 PM

@ Bruce Clement,

Thanks for that info, it leaves of course the $64,000 question of the "business" relationship between Kim Dotcom and Mona Verga Dotcom his wife.

After all it would not be the first time Kim's business practices had been called into question (insider trading in Germany and failing to correctly register a business in Hong Kong).

I gather from reading his wiki page that Kim is a somewhat larger than life character (although physically slightly smaller than me ;-) and appears to have earned himself a bit of a name and reputation in NZ. The allegations of being spied on by proxy by the FBI treating NZ as another "Bush's poodle" and then having it confirmed by the NZ PM with a public apology appears to have made him more of a household name in NZ than quite a few politicians...

http://en.m.wikipedia.org/wiki/Kim_Dotcom

As they say "I'll be watching this space with interest".

dragonfrog • January 23, 2013 4:43 PM

Just because their terms of service say they're allowed to deduplicate, it doesn't necessarily mean they currently have the means to do so - that seems like something no one is mentioning...

Michael • January 23, 2013 4:57 PM

Deduplication is applied in two cases at Mega:

a) files that are post-encryption identical (therefore: same file encrypted with same key)

b) files that are copied (or shared) between accounts [therefore a subcase of a)]

Bruce Clement • January 23, 2013 5:58 PM

@Clive Robinson
"it leaves of course the $64,000 question of the "business" relationship between Kim Dotcom and Mona Verga Dotcom his wife"

True, and I doubt anyone believes that her ownership of 81% of Mega Limited is anything but a thin veil but legally they are two separate people and IIRC she's not on bail for anything.

I'm sure his business practices are troubling and perhaps they should be investigated but the man has acquired something of a William Tell status here by successfully standing up for himself and exposing a police force that is willing to ignore our democratic history, culture and laws for the benefit of some foreign republic.

Godel • January 23, 2013 6:42 PM

Anyone interested should search the Ars Technica site for mentions of the MegaUpload saga and Kim Dotcom. Bring popcorn.


Here's one: http://arstechnica.com/tech-policy/2012/08/helicopters-guns-attack-dogs-new-video-shows-raid-on-dotcom-home/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

Although Kim somehow reminds me of a fat rat with a gold tooth, the actions of the FBI and the NZ cops are even more appalling and make him the underdog in this case. So GO KIM!

Brian • January 24, 2013 7:27 AM

I thought the "fail0verflow" analysis was particularly interesting because it's a relatively basic crypto error that someone familiar with developing cryptography (or who had even just read Practical Cryptography) wouldn't make.

For those who didn't read that link, MEGA is basically using AES-CBC-MAC with a fixed, known key to verify some Ajax loaded content in their page. In other words, using CBC-MAC with a publicly known key as a hash function...which it isn't.

And that's interesting because it's not a weird edge case or a coding error or a subtle problem. The basic approach is broken. And it's an understandable error for a non-crypto developer to make, but that probably shouldn't be the kind of developer you have writing crypto code for a service making a lot of noise about how secure it is.
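The weakness described in the comment above, as an added example that is not part of the original comment and is not Mega's code: when the CBC-MAC key is known, the final block can be solved for, so different content produces the same tag, while a real hash such as SHA-256 tells the two apart. The key, the zero IV, the zero padding, the function names and the sample strings are constructed assumptions.

```javascript
const { createCipheriv, createDecipheriv, createHash } = require('crypto');

const BLOCK = 16;
// Constructed stand-in for a key published in client-side code (not Mega's value).
const KNOWN_KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');

// One raw AES-128 block operation (ECB, no padding) under the known key.
function aes(factory, block) {
  const c = factory('aes-128-ecb', KNOWN_KEY, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Zero-pad to a block boundary (the padding rule is an assumption here).
function pad(msg) {
  const out = Buffer.alloc(Math.ceil(msg.length / BLOCK) * BLOCK);
  msg.copy(out);
  return out;
}

// CBC-MAC with an all-zero IV: the tag is the final CBC ciphertext block.
function cbcMac(msg) {
  const data = pad(msg);
  let state = Buffer.alloc(BLOCK);
  for (let i = 0; i < data.length; i += BLOCK) {
    state = aes(createCipheriv, xor(state, data.subarray(i, i + BLOCK)));
  }
  return state;
}

// With the key known, the last step can be run backwards: choose the final
// block B = D(tag) XOR state, so that E(state XOR B) is the wanted tag.
function matchTag(otherContent, wantedTag) {
  const body = pad(otherContent);
  const lastBlock = xor(aes(createDecipheriv, wantedTag), cbcMac(body));
  return Buffer.concat([body, lastBlock]);
}

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// Constructed sample content.
const published = Buffer.from('function render(){ return "published"; }');
const different = matchTag(Buffer.from('function render(){ return "other"; }'), cbcMac(published));
console.log(cbcMac(different).equals(cbcMac(published)), sha256(different) === sha256(published));
```

The tags match while the SHA-256 digests differ, which is why verifying loaded content needs a collision-resistant hash, or a MAC whose key the party supplying the content does not hold.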

cipherr • January 24, 2013 8:40 AM

Kim Dotcom was only 'busted' because his company sent internal emails that were not encrypted asking where they could find certain pirate movie copies, implying that they were not srs about DMCA.

I don't know why he's encrypting content; he needs to encrypt his communications.

I just use ciphertite for encrypted backups because it was designed by OpenBSD devs

Vles • January 24, 2013 9:26 AM

"Kim Dotcom was only 'busted' because his company sent internal emails that were not encrypted asking where they could find certain pirate movie copies, implying that they were not srs about dmca."

Oh hi there.

Youtube - City Of God (2002) - Full Movie - HD 1080p.
Still on the to-watch list, but they say it's a good un.

https://www.youtube.com/watch?v=JS-FuUdg7S0

Murray • January 24, 2013 1:31 PM

Dotcom is implementing encryption as a means to protect himself against legal attack for storing copyrighted material (which is what happened with his previous service). By encrypting the content his company can deny knowledge of the content. This is being marketed as an "advantage" for their users.

Cap • January 24, 2013 1:51 PM

@murray: If the encryption actually does serve to keep Mega from going the way of Megaupload, how is it not an advantage for the users?

Murray • January 24, 2013 2:38 PM

@Cap: Then the advantage to users is the assurance that the service will remain in business, rather than absolute privacy of stored data. To many users that will be of more practical importance anyway.

Jon • January 24, 2013 2:56 PM

Or you could just upload lots and lots of totally random data files. Once you've established a pattern of doing that, and maybe 10,000 files or so, then you can, through a side channel, mention to some of your best friends that "Oh, if you XOR Random File X with Random File Y, you'll get Interesting Content Z".

Murray • January 24, 2013 4:25 PM

Commenters have pointed out that the file deduplication (even if encrypted) can be used to pinpoint multiple copies of a particular file (e.g. "The Hobbit" movie). I can see an opportunity for a utility that adds random salts to files before they are uploaded. Sort of an "anti-watermark".

David Thornley • January 24, 2013 4:55 PM

@wumpus: You can't divide files into copyright-infringing and not copyright-infringing, because different people may have different rights, through copyright ownership and licensing. I can put certain files on such a service and be perfectly legal, whereas if you did that you'd be violating copyright.

There are going to be some files that we can be confident that all uploaders are doing so illicitly, but not nearly all of them.

Autolykos • January 28, 2013 8:59 AM

@Jon: OTPs don't really work (nor have any particular advantage beside obscurity) once they're public. It's just a clunky type of encryption. I'd go for AES-encrypted RAR archives (they seem to be backdoor-free and quasi-standard anyway). Their key is a little easier to distribute, and they're not searchable either (as long as you give them random or misleading names).


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.