Mega says it can’t decrypt your files. New POC exploit shows otherwise.

submitted by [deleted] from arstechnica.com

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]SoCo 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

The new POC showed that probably, before MEGA fixed it, that they could have, if intentionally trying to for a long enough period of time, while you had logged in several hundred times.

Then, they explained, once they have your master key, you're kind of boned in many ways.

This, using a technique, malleability of RSA, that is largely under-mentioned for websites that display user content.