Feeds

Rotund Mega baron Dotcom offers bounty for breaking his crypto

Can you burst the bulging cloud locker for €10,000?

Top 5 reasons to deploy VMware with Tegile

Kim Dotcom is offering a prize of € 10,000 ($13,600) for anyone who can break the cryptography of Mega, his recently launched cloud-based storage site.

Mega's launch last month was meet by criticism from multiple security researchers. Everything a user uploads is encrypted before it leaves their browser, using a master key that can be unlocked by a password only known to the punter. The failure to use a good source of random number generation in coming up with user passwords, the lack of account recovery options - or even the ability to change passwords - as well as the possibility of cracking the cryptographic hashes using dictionary-based attacks all became targets of criticism. The strength of the SSL certificate used on one of the main Mega servers also became an issue.

In response, Mega published a blog post designed to reassure users that all was well. It has since introduced the ability to change passwords and a password reset capability.

All this has failed to placate some critics, who argue that Mega's unconventional cryptography system was more suited to providing it with plausible deniability over the use of the site to share pirated content than an effective means of safeguarding user privacy.

The fat controller himself responded to this ongoing criticism on Friday by making good on an earlier promise to offer a bounty to anyone who breaks the site cryptography.

"‪#Mega‬'s open source encryption remains unbroken! We'll offer 10,000 EURO to anyone who can break it. Expect a blog post today," Dotcom said in a Twitter update.

Further details are yet to appear on Mega's blog. Prizes for hacking into things are all good clean fun but don't actually prove a system is secure, of course. It just shows nobody has found a bug as yet, or they've found something but don't want to go public on the discovery or that they're holding out for a bigger prize.

In other Mega news, the file locker service has begun blocking third-party search engines from indexing publicly available files shared by Mega users. One such third-party service, Mega-Search.em, turned Mega into a source of pirated content. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.