Conflict-magnet and MegaUpload creator Kim Dotcom is back in the news, pushing out a challenge from his New Zealand refuge to those who have criticized the cryptography used in his just-launched Mega cloud storage service.
Dotcom said that he would pay a €10,000 reward to anyone who can break the service's encryption.
"Mega's open source encryption remains unbroken! We'll offer 10,000 EURO to anyone who can break it," Dotcom said in a message on Twitter Thursday.
The challenge comes in the wake of several news reports that detailed potential holes in Mega’s cloud storage security mechanisms, which are mainly network- and bowser-based. “The cloud storage market is dominated by players that do not take advantage of cryptography beyond HTTPS and server-side encryption,” wrote Dotcom, in a blog post. “Since we set out to improve this rather dissatisfying situation three days ago, some news outlets have made attempts to dismantle our crypto architecture. Frankly, we were not too impressed with the results and would like to address the points that were raised.”
Dotcom went on to respond to the naysayers in a point-by-point rebuttal of each critique.
"So Mega, or anyone else who gains control of the Mega server sending the crypto algorithms, can turn off that encryption or steal the user's private key, which would allow decryption of all past and future uploads,” Forbes wrote.
Dotcom acknowledged that this is the case, but reposnded, “Any software maker offering online application updates is able to plant Trojan code into specific targets' computers, with much more far-reaching consequences.”
Forbes: "If you can break SSL, you can break Mega."
Dotcom: “Yes. But if you can break SSL, you can break a lot of things that are even more interesting than Mega.”
Read more: http://www.infosecurity-magazine.com/view/30553/kim-dotcom-issues-10k-crypto-challenge-for-mega-cloud-storage-service/