4 releases (2 breaking)
0.3.0 | Oct 18, 2024 |
---|---|
0.2.0 | Oct 17, 2024 |
0.1.1 | Oct 16, 2024 |
0.1.0 | Oct 16, 2024 |
#304 in Authentication
402 downloads per month
22KB
438 lines
mega-security-rs
An implementation of Mega's security whitepaper
Note: This implementation is for educational and research purposes only. No copyright infrigment was intended.
for usage example check tests/auth.rs
Some notes
- Mega does check for password security, this crate does not. I leave for whomever implements this crate to define what is a 'good password' or not.
- Mega uses 'mega.nz' to generate salt. As noted in the whitepaper, ideally this value would be an user identifier, so thats whats being used in this code. You can provide a 'domain' when creating the client though;
- The server uses a
HashMap<String, Client>
to store registered users. Ideally you would code your own Server, or send a PR making the server be a trait of sorts. - This crate does not YET implement file or data encryption of any kind.
- The whitepaper does not elaborate on how sessions are stored or managed, The implementation seen on
Server
is just one of mine - The obfuscation process given by the whitepaper is a bit skecthy, but it should be implemented correctly
TODOs
- Ephemeral Accounts
- More tests
Dependencies
~6MB
~111K SLoC