Cracking MEGA … in Six Queries

While the cryptographic methods we use are often highly secure in themselves, it is often their implementation that lets them down. A recent paper identified problems with the MEGA cloud platform [paper][Web][1].

In this paper, researchers were able to crack the RSA private key in just 512 attempted logins.

MEGA Part 1

The analysis relates to MEGA, a massive cloud infrastructure that uses User-Controlled end-to-end Encryption (UCE), with over 250 million registered users and 1000 PB of stored data. Overall, the paper does not have just one attack, but five:

  • RSA Key Recovery: This recovers a user’s secret key using 512 attempted logins.
  • Plaintext Recovery: This recovers all the related encryption key material, which can be used to decrypt all of the communications and files related to a user.
  • Framing: This can create files within a user’s storage area that cannot be differentiated from the ones that have been uploaded in a genuine way.
  • Integrity: This is similar in scope to the framing attack, but less sophisticated.

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.