A Brief Analysis of MEGA's Cryptography Implementation - Mon, Nov 1, 2021
A somewhat research related document about MEGA's cryptography.
[WARNING]
Data from this page has been redacted to comply with intellectual property contracts or non disclosure agreements with one or more client(s), I am willing to alter further information if needed. Please contact me before filing a claim.
[DESCRIPTION]
This paper offers an analysis of the cryptographic concepts that support the services provided by MEGA Ltd; A cloud storage provider known for its focus on user privacy. This document focuses on the key derivation systems used by MEGA to allow their users to share locally encrypted files with one another.
Since its creation, MEGA has gathered a lot of criticism for their use of the web crypto API. There has been debates concerning the resilience of the encryption techniques used to safeguard user data. In order to address this issue, MEGA has releases multiple statements and a well-made white paper which you can find linked at the bottom of this page.
Taking a look into MEGA’s underlying architecture was intriguing, mainly the way that the platform was set up in order to provide safe file sharing and storage while guaranteeing that users remain the only ones able to see the contents of their files. Understanding the architectural choices clarifies the differences between MEGA and similar services.
That being said, we cannot ignore the legacy of MEGA’s founder, Kim Dotcom. His prior legal troubles with Megaupload, an earlier file-sharing business, have had a non-negligeable effect on MEGA’s public perception of the service. These difficulties seem to have forged the company’s approach to regulatory compliance, user data management, and security procedures.