Mega Uses Random Data From Your Mouse And Keyboard To Beef Up Its Already Insane Encryption

Kim Dotcom's newly launched Mega is determined not to get screwed over by the US feds the way MegaUpload did, and the trick is encryption, lots of encryption. Mega's really going that extra mile too; it's using your random mouse and keyboard data to strengthen your crypto keys.

Cryptography relies on having complex keys to encrypt you data and obviously those keys should be random. But if you know anything about computers, you know they're horrible at generating random numbers. They just can't do it. Instead, they'll take obscure variables like your computer's clock time, and spin those out into something pseudorandom. If somehow you can find out the variable though, it's not random at all.

Mega's taking that a step further by adding you to the equation; the way you twitch your hand on the mouse, or how you type out your username will get wrapped into your cryptokeys as well. And those are variables that are unlikely to be traced and damn near impossible to reproduce. Stuff like this isn't unheard of, but it goes a long way to show how serious Mega is about security. And that should come as no surprise since all that encryption is there to protect Mega more than it is to protect you. And with precautions like this, how could it not?


    Is everyone else still unable to access mega?

    me too, seems everyone wants their free 50gb

    Use https if your having trouble getting in.

    Might take a couple of times but it works.

      Best advice! I'd never have made it in with out it!

    Is anyone able to explain, if you encrypt something, usually you need to decrypt it to make it usable.. I'm know I'm missing something here but if data gets encrypted by almost an impossible combination (using values from keystroke and mouse movement) how would that then be decrypted?

      I believe the encryption is to protect your files from MEGA, based on a previous article it means that with the encryption MEGA cannot read the files so cannot tell what you are uploading to protect themselves.

      A complicated key just means that anyone who doesn't have the key will be unable to decrypt the data. Mega do not keep a copy of your key. If you lose the key then you effectively have lost your data.

      There's two sides to the encryption. There's the algorithm being used, and the key used to extract it. Without going into some of the really technical stuff (because I don't know all of it).
      You can encrypt something in a more complex way, and use a simpler key to extract it.
      IE you can encrypt something using the key "mypassword" and receive an encrypted file in response.
      You can then decrypt that file with the password, or brute force the file to extract the contents without knowing the password.
      It's possible to use something else in the encryption process (like mouse movement data) to increase the strength of the encryption so that it can ONLY be extracted using the password.

    I reckon it might not even be that the US was worried about copyright protection and more that Megaupload didn't want any surveillance on their service. Now he has to go hard at encryption.

Join the discussion!

Trending Stories Right Now