MEGA storage service browser extention secure?

Discussion in 'privacy technology' started by blainefry, Jan 28, 2014.

Thread Status:
Not open for further replies.
  1. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    I remember all the questions about MEGA's encryption/security when it first came out:

    http://www.pcworld.com/article/2025920/doubt-cast-on-the-security-of-kim-dotcoms-mega-service.html

    And I searched the forum for any threads before posting this. I found this one:

    https://www.wilderssecurity.com/showthread.php?t=352815

    That kind of touches on my question...it looks like the problems mentioned in the links of the OP of that thread have been corrected through the incorporation of a browser extension...

    Now you can install a (i assume)-JavaScript extension in your browser, that allows all the encryption/decryption to be done locally on your machine, and avoid any potential for private key exchange with Mega's servers. This is the same thing LastPass does...

    https://mega.co.nz/#firefox
    https://mega.co.nz/#chrome

    This would seem to nullify the security concerns with the potential for the provider to "at any time modify the script loaded by the browser to send the key used for the encryption to a web server."

    This just means the JavaScript needs to be inspected...

    Does anyone know of a review that has been done on the Mega browser extensions? Has any reputable third party gone back and inspected the updates to the whole protocol to see if the crypto mistakes have been corrected and the extension itself does indeed not allow any potential key divulgence, even to Mega itself?
     
  2. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,078
    I think you will find the answer in Mega's blog
     
Loading...
Thread Status:
Not open for further replies.