Subject: Re: support claims that `megatools` is not safe to use because of its crypto implementation
From: Ondřej Jirman
Date: Sun, 19 Jul 2020 00:52:08 +0200

On Sun, Jul 19, 2020 at 12:27:39AM +0200, Daniel wrote:
> Hi Ondrej!
> I have a quick question about `megatools`. I had a conversation with
> mega support regarding some other issue, and I mentioned using
> `megatools` for download and upload from and to my mega account. And
> they replied with the following.
> >Megatools is a third party software which has not been authorized by
> >MEGA Ltd. This software is NOT safe to use as it doesn't do crypto
> >correctly! It is not based on our official SDK, so it does not operate
> >correctly in all circumstances (e.g. when shared folders are
> >involved). Also, these tools cannot detect your quota and could limit
> >your bandwidth. Ensure you are using our official SDK and products if
> >you want to ensure the integrity of your data
> >

Interesting. :)

> I wanna ask, is there any substance to their claim about wrong
> cryptography implementation or is it just marketing pushing for their
> own solution? I suspect the latter is more likely, but I wanted to ask
> anyway. And I don't care about shared folders or bandwith limit.

It uses the same crypto their web app uses. It just doesn't implement
some features (writing to shared folders, eg.), but that doesn't affect the
safety of the data.

Quotas are not checked proactively, megatools just warns/errs out if
rejects something, when quota is crossed.

> I've been a happy user of `megatools` for years and intend to keep it
> that way. Thank you for your FOSS work!


thanks and regards,

> Cheers,
> Daniel