[megawatthours]

> would have to know the hash of the file which requires them to already know the contents of the file

That is incorrect. Knowing the hash does not mean you know the contents of the file. You should generate encryption keys randomly, preferably using a secure random method such as that shipped with SJCL, rather than JavaScript's random API.

[NoFile]

Unfortunately it's required for the file deduplication. Although it slightly degrades the security it's not serious enough to impose any security risks as the attacker would already have to know the hash of the file which almost always requires them to know the contents of the files.

Random strings and numbers are also securely generated through a CSRPNG with window.crypto.getRandomValues().