I'm not super entirely clear on how this whole Mega system works, and maybe you understand it better, but is there a reason they couldn't have just run an Augmented PAKE between the client and the server to establish authentication and create a cryptographically secure transport for recovering key blobs, and then used any key-wrap encryption, like AES-SIV, based on any KDF of a password - ideally a second password - to encrypt the node keys themselves?

I guess for some percentage of people (e.g., people who are logging in each time via Tails, and do it twice a day) this attack is acutely viable, but it surely can't be all users. Presumably, a user who is dedicated and uses the service on a daily basis might hit this through normal usage in a year and a half? That's definitely plausible, but how many users are initiating new logins each time? How many will just stay logged into the app and never log in? I don't know what you'd have to do to convince someone to log in 512 times via social engineering, either.

If you're an interesting enough target to use this on, I don't see why the Mega server that delivers the JavaScript for encryption can't be compromised instead, and just harvest the passphrase when it's submitted to log in the first time?

I have a Mega account and I think I've logged in less than 50 times in the entire lifetime of my account, including when it was still controlled by Kim Dotcom. I think this attack is really interesting and novel, but 512 login attempts is pretty high.

MEGA can recover a user's RSA private key by maliciously tampering with 512 login attempts.