Encryption is good.
5 posters
Page 1 of 2
Page 1 of 2 • 1, 2
Encryption is good.
Nono, mister big in charge man, this isn't a giant FU in your face, this is just a way for us to uh.... play by your rules yeah that's it, you like making money and so do we!
Megaupload Is Dead. Long Live Mega!
I'm actually hoping this starts to change things on the Internet in terms of getting everyone used to using encryption for all sorts of things. Emails, chats, IMs, websites, file storage, etc, it's actually really simple to encrypt most stuff and doesn't require much, if any extra work.
I already encrypt everything I can just out of practice. Trillian encrypts all my chats for me automatically just in case Google or someone else decides to buy into one of the chat services I use then read all my IMs to serve me target ads (I'm lookin' at you Facebook!). My entire hard drive is encrypted with Truecrypt just because it makes life easier when I need to dispose of a drive (no need to erase it!). The funny part about Truecrypt is it actually makes read/write operations faster than an unencrypted drive in Windows. It's a great way to store your passwords securely too.
So yeah, encryption is good! Everybody needs to learn some encryption basics.
Megaupload Is Dead. Long Live Mega!
I'm actually hoping this starts to change things on the Internet in terms of getting everyone used to using encryption for all sorts of things. Emails, chats, IMs, websites, file storage, etc, it's actually really simple to encrypt most stuff and doesn't require much, if any extra work.
I already encrypt everything I can just out of practice. Trillian encrypts all my chats for me automatically just in case Google or someone else decides to buy into one of the chat services I use then read all my IMs to serve me target ads (I'm lookin' at you Facebook!). My entire hard drive is encrypted with Truecrypt just because it makes life easier when I need to dispose of a drive (no need to erase it!). The funny part about Truecrypt is it actually makes read/write operations faster than an unencrypted drive in Windows. It's a great way to store your passwords securely too.
So yeah, encryption is good! Everybody needs to learn some encryption basics.
Re: Encryption is good.
I have a few TrueCrypt encrypted files too. I find Dropbox to be invaluable for file-sharing and for reading stuff on my iPhone on the go. My Documents and Photos folders are synced via Dropbox, so I can easily view anything I want on the go. This is mostly important for documents, as it saves me the need for printing things.
Re: Encryption is good.
Very interesting. So it seems he's taking the "we're just supplying a service" angle, just like ISP's are doing atm. If they actually get this deal up and running then there's no doubt going to be challenges against it by many unenlightened individuals.
Shinja- Cookie Academy Member
- Number of posts : 128
Location : Scotland
Re: Encryption is good.
The way he's setting it up though, I don't think that would do anybody any good. It's plausible deniability at its best. With everything encrypted and the only key in the hands of the uploader, anything people put up there is completely out of his control. If he has no control over it, there's really not much anyone can do legally. But we'll see what happens.
What I'm hoping for is this gets everyone, even non techie people used to the idea of encryption, and then everyone can start using it everywhere. Which is good for security and privacy and such.
What I'm hoping for is this gets everyone, even non techie people used to the idea of encryption, and then everyone can start using it everywhere. Which is good for security and privacy and such.
Re: Encryption is good.
But it is my experience that most people don't bother with those types of things. Most people will just use excel's passwords thing for spreadsheets and not watch themselves online at all. It doesn't matter how smart you are; nobody really goes beyond what they know. If only Microsoft did a better job handling encryption within the OS.
Re: Encryption is good.
That's why this might get more people used to using encryption though. So many people used megaupload to quickly upload files... the new service might be so well known just because of that. Maybe it will be popular right off the bat?
Re: Encryption is good.
Not directly related to encryption, but sort of. This is a very interesting read about why passwords alone don't work to secure our accounts anymore:
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
Re: Encryption is good.
http://www.bbc.co.uk/news/technology-21106584
Just a little update on this. I can't seem to get access to the site atm it seems.
Just a little update on this. I can't seem to get access to the site atm it seems.
Shinja- Cookie Academy Member
- Number of posts : 128
Location : Scotland
Re: Encryption is good.
50gb of free storage, wow. That's a lot. I'm very interested to see how many people adopt this.
So far, though, it seems there's an enormous interest in this service since I can't access the site either. It's being completely bombarded with people wanting to register.
I'm still hoping this paves the way for other online services to adopt encryption as a standard practice as part of their privacy policies. We need more encryption!
So far, though, it seems there's an enormous interest in this service since I can't access the site either. It's being completely bombarded with people wanting to register.
I'm still hoping this paves the way for other online services to adopt encryption as a standard practice as part of their privacy policies. We need more encryption!
Re: Encryption is good.
I can't either, and it's been roughly 11 and a half hours since Wonko's last post.
Looks totally badass.
Looks totally badass.
Re: Encryption is good.
I use encryption for my flash files =3
Wouldn't want anyone to backwards engineer anything would we!
Wouldn't want anyone to backwards engineer anything would we!
Re: Encryption is good.
Some people are claiming Mega isn't nearly as secure as it wants to be.
http://arstechnica.com/security/2013/01/cracking-tool-milks-weakness-to-reveal-some-mega-passwords/
http://arstechnica.com/business/2013/01/megabad-a-quick-look-at-the-state-of-megas-encryption/
http://arstechnica.com/security/2013/01/cracking-tool-milks-weakness-to-reveal-some-mega-passwords/
http://arstechnica.com/business/2013/01/megabad-a-quick-look-at-the-state-of-megas-encryption/
Trey- Pie Academy Member
- Number of posts : 108
Re: Encryption is good.
Security professionals have long considered it taboo to send passwords in either plaintext or as cryptographic hashes in e-mails because of the ease attackers have in intercepting unencrypted messages sent over Internet.
Despite that admonishment, the link included in Mega confirmation e-mails contains not only a hash of the password, but it also includes other sensitive data, such as the encrypted master key used to decrypt the files stored in the account. MegaCracker works by isolating the AES-hashed password embedded in the link and attempting to guess the plaintext that was used to generate it.
Yeah that's not smart. Come on guys, everybody knows e-mails are sent in plain text over the internet and readable by anyone. Don't put passwords in emails!
There's a lot of technical information in those links relating to how encryption algorithms like AES work and it may be a bit above some people's heads, so here's the tl;dr version:
They cut some corners in their implementation of a couple key aspects of the encryption technology they're using. Two main corners they cut:
First, relating to generating truly random data, which is absolutely vital to the encryption process. If any part of it is predictable (not random), it weakens the overall encryption. This is a problem, but is easily fixed and I expect they will.
Second, they also cut some corners in relation to storage, to save space, and they take some risks doing it the way they do it from a legal standpoint. Instead of creating the ideal system where they can claim complete ignorance over what people are storing (plausible deniability), they do certain things that save space, but also make it possible to tell if two people are sharing the same file. Assuming someone is using the service to share movies or music and such illegally, that could be bad. For sharing other types of files securely it's probably less of an issue though.
So, basically, it seems like the main weakness in the encryption itself can be easily fixed by generating better random data, and the algorithm they're using (AES-128) is very secure, assuming truly random data. Not sure what could be done about the other part though.
Re: Encryption is good.
Yeah that whole bit about saving storage space did stick out to me when I got round to reading their terms of service, seemed quite fishy indeed.
Shinja- Cookie Academy Member
- Number of posts : 128
Location : Scotland
Re: Encryption is good.
I guess it's the only way they can offer 50gb to each person with the cost of storage space currently, but it just seems like a bad idea for them to do that. They've already been sued out of existence once, why would they take a chance like that again?
... unless they're secretly working for the people who sued them out of existence previously?
... unless they're secretly working for the people who sued them out of existence previously?
Re: Encryption is good.
I'm not sure I understand. It says they're taking down publicly searchable content, but how does something become publicly searchable if it's all encrypted?
Is there some other website where people are posting links and the keys or something?
Is there some other website where people are posting links and the keys or something?
Re: Encryption is good.
While I wait for Trey to come back and clarify that, I have another link that is relevant to encryption stuff.
http://zackeryfretty.com/unmasking-saved-passwords-in-any-browser-seriously-use-1password-already/
Some of you may save passwords in your browser. It's apparently a really bad idea to do that as they aren't stored securely at all. Personally, I've been using the 1Password apps that guy is talking about for years on my desktop, iPhone, and iPad, and they're fantastic. They sync, and auto-filling my passwords into a website is a keyboard shortcut away. If you don't want to pay for 1Password, though, there are free alternatives out there and I strongly recommend you use them!
Ice, what's that free password utility you use?
http://zackeryfretty.com/unmasking-saved-passwords-in-any-browser-seriously-use-1password-already/
Some of you may save passwords in your browser. It's apparently a really bad idea to do that as they aren't stored securely at all. Personally, I've been using the 1Password apps that guy is talking about for years on my desktop, iPhone, and iPad, and they're fantastic. They sync, and auto-filling my passwords into a website is a keyboard shortcut away. If you don't want to pay for 1Password, though, there are free alternatives out there and I strongly recommend you use them!
Ice, what's that free password utility you use?
Re: Encryption is good.
I don't use a free password utility...what gave you that impression? I have all my passwords on a TrueCrypt encrypted partition, but I only look at that occasionally.
Re: Encryption is good.
Oh that must have been what I was thinking of. My bad. So that's another way of doing it, just adds some extra steps in there before you can get at your passwords.
Re: Encryption is good.
Browser passwords were never saved securely. I use KeePass. It is less integrated than 1Password(android app can't modify your database, no autofill, etc) but its also entirely free.
Re:Mega
Yes, there was a separate site that people would upload links/keys too in order to provide a searchable database. It was briefly mentioned in the article, Mega-search.me. There probably are other similar sites, but that was the one that the author's tested.
Re:Mega
Yes, there was a separate site that people would upload links/keys too in order to provide a searchable database. It was briefly mentioned in the article, Mega-search.me. There probably are other similar sites, but that was the one that the author's tested.
Trey- Pie Academy Member
- Number of posts : 108
Re: Encryption is good.
KeePass looks pretty awesome for a free password manager. I've read about it before but I had no idea it had mobile companion apps. Even if they are limited, that's pretty sweet for free. They list six iPhone apps in the downloads page that connect to the main desktop app. No idea which one is better.
Might be something you'd want to look into switching to, Ice. Might make managing your passwords much simpler.
As far as Mega goes... looks like the guy behind it is trying to keep it a private sharing service instead of a public one. It's an interesting move... motivated by legal concerns maybe? I'm sure it won't be long before people start hiding those keys behind forum threads that require a login, if they aren't already doing that.
Might be something you'd want to look into switching to, Ice. Might make managing your passwords much simpler.
As far as Mega goes... looks like the guy behind it is trying to keep it a private sharing service instead of a public one. It's an interesting move... motivated by legal concerns maybe? I'm sure it won't be long before people start hiding those keys behind forum threads that require a login, if they aren't already doing that.
Re: Encryption is good.
The iTouch app I use is MiniKeePass. I have my database file stored in dropbox to keep it in sync.
Trey- Pie Academy Member
- Number of posts : 108
Re: Encryption is good.
Does it autosync using the database file, or do you have to manually sync? And does it integrate with web browsers at all? For auto-filling passwords and forms and such? What about on iOS, does the app have a built in browser so you can have it auto fill forms, or do you just copy and paste?
Also, just out of curiosity, did you choose encrypt your database file using AES or Twofish?
Also, just out of curiosity, did you choose encrypt your database file using AES or Twofish?
Re: Encryption is good.
Dropbox automatically syncs it. There are apps to integrate it with web browsers(http://keepass.info/plugins.html) but I do not personally use any of them. I just copy and paste.
My database file is encrypted with AES.
My database file is encrypted with AES.
Trey- Pie Academy Member
- Number of posts : 108
Page 1 of 2 • 1, 2
Similar topics
» What's a good name for this map?
» Good old hydro...
» Amazingly good Ninja has arrived
» Would Joe Rogan make a good Captain Kirk?
» Good old hydro...
» Amazingly good Ninja has arrived
» Would Joe Rogan make a good Captain Kirk?
Page 1 of 2
Permissions in this forum:
You cannot reply to topics in this forum
|
|