Unless you have been unplugged from news sources in January, chances are you noticed the articles about the brand new Mega site launched by Internet celebrity Kim Dotcom. The site caught the attention of the Internet because of several factors. First, Dotcom himself is the subject of one of the largest copyright infringement suits ever, with the U.S. Government claiming that he made millions of dollars facilitating online piracy, a crime for which it seeks to extradite him to the States. Then, the fact that Dotcom has been so public about the whole deal, hyping that MegaUpload would be back with a new and revolutionary site called Mega, brought a lot of people to try and see whether this was such a new concept as Dotcom claimed. Besides the hype, what is most interesting to those in the IT community is a discussion about the security behind Mega. Is it as secure and private as the team at Mega claims, or is it filled with holes as some other articles have pointed out?

Now that the initial hype has died down, we can sit back and look at what is really going on behind Mega, and see whether it is worthy of notice. So, how does Mega work and what makes it so unique? The way the site describes it, when you sign up for an account at Mega, your password does double duty: a key derived from it is used to encrypt the private half of a public/private key pair, and that encrypted key, never the password, is what the server stores. Everything you do on the site is therefore kept secret from everyone, including the Mega team itself. This is important because it is different from how most other sharing or file repository sites work. If you store something on Dropbox, SkyDrive, iCloud or any other popular file backup service, even if they offer encryption, they can typically always decrypt your data, because they are the ones doing the encryption, and as such they have to hold the keys. The only way to get real protection is client-side encryption, where the keys are generated and used on your own machine and never leave it, which until now has meant a desktop client, something few services offer as an option.

But what Mega has attempted to do is bring this encryption to the browser using JavaScript. Basically, the browser creates a unique private key for you when you initially create your account, and then encrypts it using a key derived from a hash of your password, before storing the encrypted result on the server. Then, every time you log into Mega, your browser re-derives that key from your password and does all of the encrypting and decrypting locally; the password itself never leaves the browser. This brings two very important benefits. First, if everything is implemented correctly, the contents of your files are unreadable to Mega, so no one at Mega can hand them over to the government or some other third party. Second, Mega is completely unaware of what people use their site for, and can wash their hands of the consequences. The one thing to keep in mind is that the JavaScript doing the encryption is itself fetched from Mega's servers on every visit, so the whole scheme rests on that code arriving honest and unmodified; that is what the team means when they say the security reduces to SSL.

The big issue, however, comes down to implementation. Doing crypto is hard, very hard, and a simple mistake can unravel the whole process. People have pointed at many such potential problems. The first one is entropy. In order to get a good enough private key, which is crucial for good encryption to take place, you need enough randomness when the private key is created. A browser might simply not be able to gather enough entropy to make a safe private key, although this argument is mostly theoretical: nobody has shown a practical way to exploit it as of yet. The second argument is that your password is the only thing that keeps this private key secure. Whoever holds the encrypted private key, whether Mega itself or anyone who breaks into Mega's servers, can try candidate passwords offline at their leisure, so the password is the entire security margin, and to that the common answer is always the same: use a strong password. Also, do not forget your password, because since nobody else can decrypt your files, if you lose your password you will never have access to any private file on Mega again; there is no reset.

Finally, perhaps the hardest argument to dismiss is that the actual JavaScript code may have bugs in it. SpiderOak, a competitor to Mega, published an interesting analysis of the Mega JavaScript code, pointing to several potential problems. Another researcher published a tool called MegaCracker, which can recover easy passwords from the confirmation link Mega sends at sign-up, although this requires intercepting that email first. Needless to say, there are a lot of potential risks and unanswered questions, but that did not prevent Mega from being very successful. The site was almost impossible to reach in the first couple of days under the massive load of people, and after a week the team published a post saying that they had already fixed a few flaws, including some XSS vulnerabilities. Still, their stance on security has not changed. Basically, according to the team, if you can't break SSL, then you can't break Mega's security. Dotcom even posted a €10,000 bounty for anyone who could break it.

So where does that leave the rest of us? Is Mega really something worthwhile? There is no question that the technology behind Mega is not new; other sites have done it for some time. But no large, popular site has done what they have attempted to do, using the browser to do all of the encryption so that data can be sent to a site and still remain completely private. There is no good reason why this couldn't be done. Hashing, AES and everything else required for symmetric and asymmetric encryption can be implemented in JavaScript, and libraries that do so already exist; what still matters is how the code is written and reviewed. The advantages are significant, both for security (since hackers break into servers all the time, and a breached server that holds only encrypted keys gives up far less) and for privacy, given the types of laws that currently exist in the U.S. Most of the problems come from the fact that Mega is brand new and launched with new, largely unreviewed code.

Of course there is also a whole other "moral" discussion going on about all the different ways criminals could use this type of service to operate in complete secrecy. I for one do not believe technology should be halted because of our fear of potential illegal uses, or judged too harshly because there may be bugs at the outset; those things can be fixed. Much of the reporting on Mega so far has been pretty negative, but I tend to take a more positive view. The discussion that came out of Mega and the things that can be done with JavaScript encryption can only be a worthwhile result.