Thursday, December 11, 2014

QUICKFIX - New version 0.9 to correct bug

MEGA is doing some changes in their SSL certificates. It seems that they are quitting SSL3 because of the POODLE bugs, so it causes problems with MegaUplaoder 0.7/0.8

I am releasing version 0.9 in order to correct it.

If you want to try it, please download it here. If nobody reports connection problems, I will put it in the download page.

Thanks for your patience.

Wednesday, June 12, 2013

Bugs in MegaUploader

I am receiving many comments and mails about some issues in MegaUploader:

Error uploading files
If you get an error saying "MEGA could not generate a File ID, it is necessary to restart the upload", then you have to "Restart the upload" and then click on "Restart". This is a bug in MEGA that is ocurring too often in the last days (MEGA, please fix it!!!). There is nothing we can do, except retrying to upload the file :(

All files go to the root
If you upload a folder, all files will go to the root, instead of maintain the folder structure. This is not implemented yet, but will be in the future.

MALFORMED_ATTRIBUTES
If you upload a file with "strange" characters (diacritics, etc) you may see this inside MEGA.
You can rename the file again, but it's very annoying.
I am developing a new version that fixes it, if you want to try, download it here: MegaUploader DEV VERSION 0.8

Saturday, April 6, 2013

Uploading to MEGA: the CPU bottleneck in VPS/servers

Many people have reported that they get slow speed uploading to MEGA - both using the browser or by using MegaUploader.

The test machine I use is a "4-years-old" Q6600, 4 cores, with a 5Mbps upload connection. It uploads at maximum speed (600KB/s).
However, I had access to a VPS recently, and I did some tests. Althogh it has a 1Gbps shared connection, it never gets more than 300KB/s per file. It was very strange.

With just one file, the upload speed was 350KB/s, with peaks of CPU of 80% - the VPS has only 1 core. However, uploading 2 files at the same time, it uploaded about 700KB/s, with the CPU at 80% with peaks of 100%! Trying to upload 3 files was a terrible idea. Yeah, I got (a unstable) 1MB/s upload speed, but the CPU was always at 100%, and the VPS was slooooow. I was kicked several times from RDP.

After some tests and traces, I arrived to a conclusion: the CPU is a BIG bottleneck!

Information is uploaded to MEGA in chunks of 1MB (well, technically the firsts chunks are smaller and then they get a size of 1MB).
MegaUploaders creates a thread for each file being uploading. Each thread ciphers a chunk (applies an AES cipher) and the creates a parallel task to upload that chunk. Meanwhile, it starts to cipher the next chunk. Once the next chunk is codified, it waits the upload thread to finish - in this way a queue is avoided, so memory usage is always low. As you can see, there are a lot of threads, and if you have a multi-core processor, it will be great.

With home connections, the bottleneck is the upload process. While the chunk is being uploaded, another thread is ciphering the next chunk. Once it is ciphered, it waits until the upload thread is free. In this way the CPU works, and then waits. That's the reason you see "CPU peaks" if you look at the task manager. Home PCs have normally two or more cores (nowadays is strange to have a CPU with just one core), and the upload speed is terrible, so MegaUploader squeezes the connection: if the CPU is faster ciphering each chunk than uploading it, the bottleneck is your conneciton.

However, with a VPS (a cheap one), we have the opposite case. Normally, the VPS may have just one core, or if you get a dedicated low-end server (like a Kimsurfi) you have an Atom core... with a 100Mbps upload speed - or maybe 1Gbps connection!

This means that the upload process is very fast... but the ciphering process is not. So the CPU doesn't have to wait the upload thread to finish - it is always working, and the upload process has to wait! And with just one core, the more threads you create - aka the more files you upload, the more context changes there are - and the VPS gets slower.

So, to sum up, uploading to MEGA requires not only bandwidth, but a lot of CPU. If you have a great upload connection, you will also need many Ghz and many cores in order to avoid a bottleneck.

If you use a cheap VPS/server to upload, you will experiment slow speed and high CPU consumption.

On my side, I will check the CPU consumption during the ciphering process - most of the cycles are consumed, not for ciphering the data, but for generating the CBC-MAC code, a 16 bytes key that is necessary when uploading the file - if that CBC-MAC is not correct, you get the famous "decryption error" when downloading. Maybe I will be able to improve the performance of that process. I hope it ;)

Sunday, March 31, 2013

Link protection and stop/resume uploads coming soon!

MegaDownloader 0.7 is under development, with two interesting features:
  1. Link protection, using ELC (Encrypted Link Container):
    This method will protect links (people will be able to download files but won't be able to see the original MEGA link) and will offer copy protection: only people from the community will be able to download the files, so you will be able to avoid people "stealing" your links.
    For more info (and some examples), read here: "Understanding mega:// links".
  2. Stop/resume uploads:
    Many people asked for it. Finally, version 0.7 will offer this interesting feature.
    Please take into account that it is new so if you find any problem, report it inmediately!
Do you want to test it?

If so, please take into account that it is still under development, so please report any problem encountered!
Download MegaUploader 0.7 Release Candidate

Saturday, March 16, 2013

Pre-Shared Keys and Key Watermarks [English]


From version 0.2, MegaUploader allows to enter a "Pre-Shared Key" when uploading, and from version 0.6, it allows to enter up to 2 "Key Watermarks".

In this article these concepts will be explained, what are they and how you can use them.

Introduction


MEGA file links has the following estructure: ! + FileID + ! + FileKey (44 characters).
If you miss the FileKey, you can still try to download the file (because you have the FileID), but the file content and name can't be retrieved - they are ciphered with the FileKey!

[Technical information, skip this paragraph if you don't understand]
The FileKey is a (modified) Base64 text string, this is, each character has the possible values of A-Z, a-z, 0-9, and two characters "-" and "_". We say modified because the "formal" Base64 encode uses "+" and "/" instead of "-",  "_", and put "=" at the end of the string if necessary.
Each Base64 character represents 6 bits of information, so the 44 characters represent a key of 256 bits (44 * 6 is a little bit more, 264 but only 256 bits are used), that is, 32 bytes.

The FileKey is generated randomly each time you upload a file. When uploading, a hash (if you don't understand what is a hash, it is something as a "signature") is calculated with the file content, and this hash is append to the FileKey (that hash is called "CBC MAC"). The hash is inserted at the end and in the middle of the FileKey, so if you divide the FileKey in 4 (more or less 11 characters each chunk), the first and third chunk is the original key, and the second and fourth chunk contains the hash.

If you know the original key but doesn't have the hash (CBC MAC), you will be able to download the file, but a Decryption Error will be displayed using MEGA webpage - because the hash can't be verified.

Key Watermarks

We have said that the hash is contained in the second and fourth chunk of the FileKey. This hash is calculated during the upload process, and involves an cryptographic ciphering of the file content. For that reason the hash will depend on the file, each file will have a different hash and we can't predict its value.

However, we can predict the value of the first and third chunk of the FileKey. You can modify its value and put whatever you want!

For that reason, you can insert up to 2 "Key Watermarks" in MegaUploader: one at the beginning of the key, and another one at the third position. You can only use some basics characters in that Watermark: alphabetical letters, numbers, and the "-" and "_". You can't use @, slashed, or other signs.

For example, this file was uploaded using Key Watermarks: the first one is "0123456789" and the second one is "9876543210":

https://mega.co.nz/#!OFEQ0Y4Z!0123456789wVrs6n7Jyx8-9876543210nkI8MA5Gf4g

If you don't specify any Key Watermark, the FileKey will be calculated randomly. But if you specify it, that text will appear in the FileKey!!

So, to sum up, the Watermark allows you to specify the first and third chunk of the FileKey and put your personalised text.

 

Pre-Shared Keys

A Pre-Shared Key has the opposite concept of the WaterMark.
In the WaterMark you specify the final value of the FileKey, after the hash calculation.
But in a Pre-Shared Key you specify the original value of the FileKey, before calculating the hash.

The target of a Pre-Shared Key is to allow sharing a link without the FileKey, only with the FileID. In that way you can share multiple links, all with a common password: the Pre-Shared Key.

When downloading the file with MegaDownloader, the program will calculate the FileKey with the Pre-Shared Key, and will be able to download and decrypt the file content.

As you can imagine, the hash value is lost - we don't have the FileKey! MegaDownloader will still be able to decrypt the content and download the file.
Of course, you can share the complete link with the FileKey as a normal link :) If you do, note that the FileKeys of all files will have a similar structure: the first and third part of the password will be the same, and only the second and fourth part will be different - because of the hash, which is unique for all files!

For example, consider this link:

https://mega.co.nz/#!yI00XQwY

You don't have the key, so you are unable to download it...  now, open MegaDownloader, go to the Configuration, Pre-Shared Keys, and put "Lorem Ipsum" as a key. Save and try to download it.
You will be able to do it!

Security Concerns

At the beginning we said that the FileKey was generated randomly for each file.
Using the Pre-Shared Keys or the Key Watermarks, we generate a non-random FileKey: all the files using the Pre-Shared Keys will use the same password as the original "seed", and all the files using the Watermark will contain the same text in the FileKey. So the key to decrypt each one of these files is less secure than an unique-randomly-created key!
For that reason it is not recommended to use these features. Use them only if you know really what you are doing, and if the security is not your main concern.

Conclusion

MegaUploader Watermark feature allows you to specify the first and third chunk of the FileKey and put your personalised text.
The Pre-Shared Key feature allows you to share only the link with the FileID, so users with the Pre-Shared Key will be able to download it using MegaDownloader, even if they don't have the FileKey.
These features reduce the FileKey security so they should only be used when security is not a main concern. If not, it is recommended not to use them.

Thursday, February 28, 2013

Contribute [English]


MegaUploader is completely free and has no ads.

If you are satisfied with MegaUploader and want to help MegaUploader improve or motivate the development of other quality programs, any amount of donation small or large will be welcome and gratefully appreciated.

Thanks! :)





You cand also send me some Litecoins, if you prefer!

LTC Wallet: LXDHPf3TH582fsDdkynP1iMBRjdN5LisqF

Colabora [Castellano]

MegaUploader es una aplicación totalmente gratuita, sin publicidad.

Si te ha sido útil, y quieres colaborar en el desarrollo para mejorar MegaUploader, o para el desarrollo de nuevas aplicaciones, cualquier donación, grande o pequeña, será bienvenida :)

¡Muchas gracias!




Si lo prefieres, también puedes enviarme algunos Litecoins! ;)

Cartera LTC: LXDHPf3TH582fsDdkynP1iMBRjdN5LisqF