Kim Dotcom's launch of Mega has touted the big tagline of being bigger, better, faster, stronger, and safer, but while Dotcom promises 128 bits of AES encryption and the use of 2048 bits of RSA public/private key infrastructure, I'm not too convinced about the last aspect of his sell: the safety.
Mega's security operates in a different way to a lot of other sites. Its use of public/private pair keys is a good step for ensuring that no one but the owner of the private key pair has the ability to decrypt files that are stored in its cloud service, but it appears to also be tied into the password used to set up the account.
Mega's site states that it is "the master encryption key to all of your data" and that "if you lose it, you lose access to all of your files that are not in a shared folder and that you have no previously exported file or folder key for." However, tying the password deeply into the encryption scheme also means that it is impossible to reset or change a user's password without throwing away the encryption keys. Combined with the current inability for users to close their account and create a new one, and users are stuck with whatever password they signed up with. Hopefully, that wasn't "password," while they figured out whether they wanted to keep using the service.
And hopefully they didn't typo it, either, because Mega doesn't ask users to type their password again to confirm during the sign-up process.
But, more importantly, this approach to security highlights something that is more important than the strength of keys and passwords: the ability to revoke and issue new ones.
Previous security incidents have left organisations urging their users to reset their passwords, even when the targeted organisation was not affected. An example of this is the recent case of a New Zealand bank that claimed its site was being cloned for another payment processor's site. The incident did not involve the bank's own infrastructure — its systems were never breached — but the only advice it could really give its customers was for them to change their passwords. In Mega's case, this would be impossible.
In the event of a phishing campaign or malware that specifically targets the farming of users' Mega passwords, users don't have any options available to them to improve their security. Mega isn't responsible for the security of its users' PCs, or their behaviour on any unsavoury websites.
And if an account is compromised, what then? Attackers could have a laugh, uploading pornography randomly into users' documents; be downright malicious and delete all of their files in an instant; or, possibly worse, download them all to snoop through.
A vigilant user might discover that their account is being accessed from another browser at another IP address, but there are no options to disconnect the user and ban that address. Even if there were, the attacker could just use a proxy to change their IP address, log in with the same password again, and even employ the same futile lockout method on the original owner. Against a less tech-savvy user, perhaps it might even work.
So, sadly, the only thing that the account holder can do is delete their own files before their adversary can download them — a humiliating defeat, but the only way that they can protect their files, because, once hacked, they're hacked forever. Which leads me to question the point of having individual accounts in the first place. With this amount of security, the only files worth putting up are those that are only temporary or are going to be shared publicly anyway, both of which can be achieved through anonymous accounts.
But if we give Mega the giant assumption that all of its users will use long, unique passwords, and won't fall victim to phishing schemes or keyloggers and the like, their own systems should be fairly secure, right?
Users have already found cross-site scripting vulnerabilities on the site, which could be used, for example, to send off session cookies to an attacker so that they can log in as they please. Someone with a more malicious imagination can come up with better, but I can easily see the potential for a social engineer to create a form that requires the user to log in again before they can upload or download files. From here, they could gather Mega log-in details or even request that the user "link" accounts with other services, such as Facebook, or PayPal, if they're daring enough.
Unless things change in the future, and passwords are not tied so intimately to the encryption keys forming the basis for Mega's security, the alternatives will, at best, be a workaround. If Mega eventually allows accounts to be erased and closed, the paranoid (or those who are serious about security — it's a tough call to make a distinction) may opt to completely remove all of their content and sign up again just to change their password. With free accounts providing up to 50GB of cloud storage, many won't have the time and bandwidth to go through the hassle.
There will no doubt be various uses for Mega, such as uploading content that is meant to be publicly accessible and shared, but, if you were thinking about using it as a nice way to provide even more redundant storage for your documents and family photos, I'd steer clear for a while yet.
It's hard to say when Mega might become secure enough for more personal content, but it doesn't look like it will be soon; there are a number of enhancements coming up for the cloud storage site, but security barely rates a mention on the list of "essentials."