Some interesting points:<p><pre><code> All cryptographic operations involving symmetric or
private keys are performed on the client side
Each general filesystem node (files/folders) has an
encrypted attributes object attached to it, which
typically contains just the filename.
All symmetric cryptographic operations are based on
AES-128.
Each file and each folder node uses its own randomly
generated 128 bit key. File nodes use the same key
for the attribute block and the file data, plus a
64 bit random counter start value and a 64 bit meta
MAC to verify the file's integrity.
Each user account uses a symmetric master key to
ECB-encrypt all keys of the nodes it keeps in its own
trees. This master key is stored on MEGA's servers,
encrypted with a hash derived from the user's login
password.
In addition to the symmetric key, each user account
has a 2048 bit RSA key pair to securely receive data.
Its private component is stored encrypted with the
user's symmetric master key.
MEGA supports secure cross-account access to folders.
MEGA supports secure unauthenticated data delivery. Any
fully registered user can receive files or folders in
their inbox through their RSA public key.
(MEGA) is also our first JavaScript project</code></pre>