MEGA storage service browser extention secure?

blainefry · Jan 28, 2014

I remember all the questions about MEGA's encryption/security when it first came out:

http://www.pcworld.com/article/2025920/doubt-cast-on-the-security-of-kim-dotcoms-mega-service.html

And I searched the forum for any threads before posting this. I found this one:

https://www.wilderssecurity.com/showthread.php?t=352815

That kind of touches on my question...it looks like the problems mentioned in the links of the OP of that thread have been corrected through the incorporation of a browser extension...

Now you can install a (i assume)-JavaScript extension in your browser, that allows all the encryption/decryption to be done locally on your machine, and avoid any potential for private key exchange with Mega's servers. This is the same thing LastPass does...

https://mega.co.nz/#firefox
https://mega.co.nz/#chrome

This would seem to nullify the security concerns with the potential for the provider to "at any time modify the script loaded by the browser to send the key used for the encryption to a web server."

This just means the JavaScript needs to be inspected...

Does anyone know of a review that has been done on the Mega browser extensions? Has any reputable third party gone back and inspected the updates to the whole protocol to see if the crypto mistakes have been corrected and the extension itself does indeed not allow any potential key divulgence, even to Mega itself?

guest · Jan 29, 2014

blainefry said:

I remember all the questions about MEGA's encryption/security when it first came out:

http://www.pcworld.com/article/2025920/doubt-cast-on-the-security-of-kim-dotcoms-mega-service.html

And I searched the forum for any threads before posting this. I found this one:

https://www.wilderssecurity.com/showthread.php?t=352815

That kind of touches on my question...it looks like the problems mentioned in the links of the OP of that thread have been corrected through the incorporation of a browser extension...

Now you can install a (i assume)-JavaScript extension in your browser, that allows all the encryption/decryption to be done locally on your machine, and avoid any potential for private key exchange with Mega's servers. This is the same thing LastPass does...

https://mega.co.nz/#firefox
https://mega.co.nz/#chrome

This would seem to nullify the security concerns with the potential for the provider to "at any time modify the script loaded by the browser to send the key used for the encryption to a web server."

This just means the JavaScript needs to be inspected...

Does anyone know of a review that has been done on the Mega browser extensions? Has any reputable third party gone back and inspected the updates to the whole protocol to see if the crypto mistakes have been corrected and the extension itself does indeed not allow any potential key divulgence, even to Mega itself?
Click to expand...

I think you will find the answer in Mega's blog

Log in or Sign up

MEGA storage service browser extention secure?

blainefry Registered Member

guest Guest

Log in or Sign up

MEGA storage service browser extention secure?

blainefry Registered Member

guest Guest

Useful Searches