Ransomware
Dave Howe
DaveHowe at gmx.co.uk
Wed Jun 11 14:13:25 EDT 2008
The Fungi wrote:
> On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
>> The key size would imply PKI; that being true, then the ransom may
>> be for a session key (specific per machine) rather than the
>> master key it is unwrapped with.
>
> Per the computerworld.com article:
>
> "Kaspersky has the public key in hand ? it is included in the
> Trojan's code ? but not the associated private key necessary to
> unlock the encrypted files."
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818
>
> This would seem to imply they already verified the public key was
> constant in the trojan and didn't differ between machines (or that
> I'm giving Kaspersky's team too much credit with my assumptions).
Sure. however, if the virus (once infecting the machine) generated a
random session key, symmetric-encrypted the files, then encrypted the
session key with the public key as part of the "ransom note" then that
would allow a single public key to be used to issue multiple ransom
demands, without the unlocking of any one machine revealing the "master
key" that could unlock all of them.
giving away your entire extortion capability to the first person to pay
up doesn't seem sane, if you could as easily make each machine a unique
proposition...
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list