In a new paper, @martinralbrecht, @M__Haller, Lenka Mareková, and I took a fresh look at @MEGAprivacy. TL;DR: we broke the fixed version with attacks that can recover user RSA private keys and file keys. Paper and more at: https://mega-caveat.github.io (1/16)
with quote tweet:
MEGA - Malleable Encryption Goes Awry: I'm excited to share details of some new research on the security of @MEGAprivacy. Details at: https://mega-awry.io (1/28)