MegaCracker tool could reveal Mega passwords

https://twitter.com/Sc00bzT/statuses/293148211445641216

A security researcher has found a cryptographic flaw in the Mega cloud service that could reveal user passwords.

The Mega cloud service was launched on Monday.

Cryptography boffin Steve Thomas is designing a tool dubbed MegaCracker that would crack hashes embedded into email confirmation links sent from Mega to users as they register for the service.  "A hash of your password is in the confirmation code. Cost is 65536 AES/password plus 1 AES/user. Which is very fast," Thomas wrote on twitter. Thomas has not yet completed the tool and did not say how dangerous the threat was: the confirmation emails would need to be intercepted before passwords could be cracked.