Member-only story
Cracking MEGA … in Six Queries
While the methods that we use in cryptography are often highly secure in their operation, it is often the implementation that lets them down. A recent paper identified problems with the MEGA cloud platform [paper][Web][1]:
In this paper, researchers were able to crack the RSA private key in just 512 attempted logins.
MEGA Part 1
The analysis relates to MEGA, and which is a massive cloud infrastructure which uses User-Controlled end-to-end Encryption (UCE), with over 250 million registered users and 1000 PB of stored data. Overall, the paper does not have just one attack, but five:
- RSA Key Recovery: This recovers a user’s secret key using 512 attempted logins.
- Plaintext Recovery: This recovers all the related encryption key material, and which can be used to decrypt all of the communications and files related to a user.
- Framing: This can create files within a user’s storage area, and which cannot be differentiated from the ones that have been uploaded in a genuine way.
- Integrity: This is similar in scope to the framing attack, but less sophisticated.
- GaP-Bleichenbacher: This crack RSA encryption using a modified Bleichenbacher method.
The key generation method is outlined in Figure 1. It involves an initial password, and which derives an authentication key (used to authenticate the user) and an encryption key (which is used to encrypt a master key, and which is used to encrypt all the other related user content). The keys are an RSA key pair (for data sharing), Curve25519 key pair (for messages), and an Ed25519 key pair (for signing keys). Every file or folder is then encrypted with a node key, and where all of the keys are encrypted with AES ECB with a master key and stored on MEGA’s servers. A password can then be used to regenerate all of the keys.
