So your files are truly encrypted before upload...? #124
-
Hello,
It seems that you have done your research and have viewed our white paper (more information in the MEGA Security White Paper: https://mega.nz/SecurityWhitepaper.pdf). So please allow us to reiterate:
All files stored on MEGA are encrypted by your computer/phone/device. All data transfers from and to MEGA are also encrypted. Unlike the industry norm where the cloud storage provider holds the decryption key, with MEGA you control the encryption, you hold the keys, and you decide who you grant or deny access to your files, without requiring any risky software installs. The encryption occurs in your web browser/device!
The nominated and confirmed password for your MEGA account is your unique master encryption key to your files. You could have noticed this being created upon your 'confirmation email' validation. The encryption key gets created from your password and to strengthen the key we have collected the entropy from your mouse movements and keystroke timings. Remember to keep your MEGA password secure and confidential at all times and generate your Recovery Key for the event of misplacing your password in the future - https://mega.nz/keybackup.
We are not sending the password across the net. The server sends an encrypted RSA private key that gets decrypted by the password. Then, the server sends a random number encrypted to the user's public key.
With our Zero-knowledge encryption, data being uploaded is encrypted on the uploading device before it is sent out to the Internet, and data downloaded is decrypted only after it has arrived on the downloaded device. The client machines are responsible for generating, exchanging and managing the encryption keys. MEGA's encryption model does not require any usable symmetric or private keys to ever leave the end user's computer (with the exception of RSA public keys).
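The login exchange described in the reply above (password-derived key, wrapped RSA private key, random number encrypted to the public key), sketched as an added example that is not part of the thread and not MEGA's code. PBKDF2, AES-256-GCM, RSA-2048 with OAEP and every function name are assumptions chosen for illustration.

```javascript
// Added illustration, not MEGA's code; algorithms and names are assumptions.
const nodeCrypto = require('crypto');

// Password -> key-encryption key (PBKDF2 parameters are assumed).
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 100000, 32, 'sha512');
}

// AES-256-GCM wrap/unwrap of the private key under the password-derived key.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if key is wrong
}

// Client at sign-up: the password and the plaintext private key stay local.
function register(password) {
  const salt = nodeCrypto.randomBytes(16);
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const wrappedPriv = seal(deriveKey(password, salt), Buffer.from(privateKey));
  return { salt, publicKey, wrappedPriv }; // everything the server stores
}

// Server: sends a random number encrypted to the user's public key.
function serverChallenge(record) {
  const nonce = nodeCrypto.randomBytes(32);
  return { nonce, encrypted: nodeCrypto.publicEncrypt(record.publicKey, nonce) };
}

// Client at login: unwrap the private key locally, then decrypt the challenge.
function clientRespond(password, record, encrypted) {
  try {
    const pem = unseal(deriveKey(password, record.salt), record.wrappedPriv);
    return nodeCrypto.privateDecrypt(pem.toString(), encrypted);
  } catch {
    return null; // wrong password: GCM tag check fails, no private key recovered
  }
}
```

The server-side record contains only the salt, the public key and ciphertext, so a correct challenge response shows knowledge of the password without the password being transmitted.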
-
No worries, let us know if you have further questions. If it's account-status-related issues, it will be better for you to contact us via email at [email protected].
-
Now to get a little technical. That might not be the best way to do this, but these results seem like more proof to me.
-
Hi.
I'm sorry if this question/topic is rather unusual or redundant. I've been hearing things left and right about MEGA's encryption claims - some people don't believe it online it seems - and figured that in order to really verify for myself, I'd have to look at the source.
What I know and understand, to put it simply, is that you can't read anything without the key, and that requires a password; or when it comes to a file share... just the link and decryption key... makes sense (I mention this as people on a couple places like Reddit are skeptical about the whole copyright stuff). I've also read the security whitepaper, specifically the file encryption section.
I took a somewhat brief look, but it looks to me like there's definitely some cryptography stuff in the code here, of course. So, I guess MEGA's claims of zero-knowledge are accurate? I guess this mostly settles the "back of the mind" feeling I have, but I still need to look into it a bit more (maybe). I do appreciate this being open-source.
(Of course I can encrypt them on my own before upload, but that's a little different from what I am talking about here.)