Support new MEGA accounts

[ed-miller]

Hi, when I use my old Mega Accounts and login with this API, it works fine.

When I create a new Mega Accounts and try to login with this API, error coming: EEXPIRED (-8): The upload target URL you are trying to access has expired. Please request a fresh one.

It seems that new accounts using another type of login?

[qgustavor]

https://github.com/megous/megatools/issues/411

Temporary fix: create an account using megareg.

I already expected changes in the login code because the old code is a bit messed (multiple rounds of AES-ECB as key derivation and non-standard RSA to authenticate). What I don't expected are they breaking third party clients.

I will check what was changed. On megatools issue seems no one explained in detail what changed.

[qgustavor]

The changes are in this commit. Either they changed everything in a single commit or they squash all commits in one. Most lines that changes are HTML or CSS files.

Some important changes:

• As I expected the PBKDF function changed: now they're using PBKDF2-HMAC-SHA512. It's a good improvement because modern browsers already implement it using WebCrypto, improving performance; What I find strange is the number of iterations: it's 100,000 and according to them it should take 1-2 seconds, but if you edit the linked pen to use the same number of iterations it takes just less than 300ms to derivate the password key using WebCrypto. Seems they miscalculated this. I made safeme.ga in 2016 and it uses 256,000 iterations of PBKDF2-HMAC-SHA512 based on this answer from StackOverflow.
• Two factor authentication is now supported, a good improvement. Seems it's not hard to implement it: just check if the account requires it, ask the user for the token and send it when logging in;
• The email address isn't used anymore as a salt to the password KDF, instead they use a random 128 bit salt and store it in their server. It makes changing account's email easier. In the other hand it allows account enumeration;
• In some parts of they code they used old and new to name the account versions instead of 1 and 2: maybe they will regret that if they want to release a version 3 in future;
• They have tweetnacl loaded in their website, but the new version still uses RSA. They could use Ed25519 to save space and avoid using that non-standard RSA private key format;
• Salt generation seems messed: it first generates 128 random bits, then seems that it concats those bits with "mega.nz" and "P" repeated 193 times, then take the SHA256 of all of it; Dave, it's you?
• Messy code strickes again: there are typos like "Cronvert"; they're converting to base64 as a middle step base64_to_a32(ab_to_base64(arraybuffer)) (can't they use new Int32Array(arraybuffer)?); There's a check in the middle of the login code to check if the user loaded MEGA from Google cache;

What needs to be implemented:

• PBKDF2: On Node just use the crypto module. I think I will remove the Storage class from the browser version as I don't think it's safe to use a MEGA client on third party website;
• Support the new account endpoints and change the login code to use those;
• Add support to two factor authentication: a possible solution can be using new Storage({email, password, twoFactorToken) and throwing an error if twoFactorToken is undefined and the account uses two factor authentication;
• Update tests and the (still unpublished) mock server;

I will try to finish implementing the mock server. At this time I think people from megatools will already have fixed issue 441. Then I can save some time by just checking what they changed and re-implementing it here.

[ghost]

People from megatools like your analysis of the changes. :) And it looks like that sans two factor auth, at least the login flow in megatools could be made compatible with the new API, without too many changes, and without any UI changes.

I suspect that the registration flow also changed, so that will probably not be supported in megatools anytime soon.

[qgustavor]

MegaApiClient (written in C#) supports new accounts since this commit. It was quite simple to implement.

I think MEGA will allow changing iteration count in future. It's quite simple to implement: just add this value to the "us0" request response on login and store iteration count when signing up or changing passwords. It will allow users make their accounts more secure at the spent of taking more time to login.

@megous Registration flow changed. Most changes are here. Other change in a later commit is that passwords with white spaces in the start or end are not allowed when signing up (here).

I'm not in a hurry to implement those changes on mega-js as megareg is still working. I don't know for how long it will keep working: MEGA might just drop support for V1 registration flow because it's "less secure".

[qgustavor]

For some reason I fell fixing this was easier than I expected...