Dave Korn dave.korn at artimi.com
Wed Jun 11 14:37:42 EDT 2008

Dave Howe wrote on 11 June 2008 19:13:

> The Fungi wrote:
>> On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
>>> The key size would imply PKI; that being true, then the ransom may
>>> be  for a session key (specific per machine) rather than the
>>> master key it  is unwrapped with.
>> Per the computerworld.com article:
>>    "Kaspersky has the public key in hand ? it is included in the
>>    Trojan's code ? but not the associated private key necessary to
>>    unlock the encrypted files."
>> This would seem to imply they already verified the public key was
>> constant in the trojan and didn't differ between machines (or that
>> I'm giving Kaspersky's team too much credit with my assumptions).
> Sure. however, if the virus (once infecting the machine) generated a
> random session key, symmetric-encrypted the files, then encrypted the
> session key with the public key as part of the "ransom note" then that
> would allow a single public key to be used to issue multiple ransom
> demands, without the unlocking of any one machine revealing the "master
> key" that could unlock all of them.

  Why are we wasting time even considering trying to break the public key?

  If this thing generates only a single "session" key (rather, a host key)
per machine, then why is it not trivial to break?  The actual encryption
algorithm used is RC4, so if they're using a constant key without a unique
IV per file, it should be trivial to reconstruct the keystream by XORing any
two large files that have been encrypted by the virus on the same machine.

  This thing ought to be as easy as WEP to break open, shouldn't it?

Can't think of a witty .sigline today....

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list