Dave Korn dave.korn at artimi.com
Wed Jun 11 15:19:07 EDT 2008

Leichter, Jerry wrote on 11 June 2008 20:04:

>>   Why are we wasting time even considering trying to break the public
>> key? 
>>   If this thing generates only a single "session" key (rather, a host
>> key) per machine, then why is it not trivial to break?  The actual
>> encryption algorithm used is RC4, so if they're using a constant key
>> without a unique IV per file, it should be trivial to reconstruct the
>> keystream by XORing any two large files that have been encrypted by the
>> virus on the same machine. 
> This is the first time I've seen any mention of RC4.  *If* they are
> using RC4, 

  According to this entry at viruslist.com:
which I found linked from the analyst's diary blog, 

"The virus uses Microsoft Enhanced Cryptographic Provider v1.0 (built into
Windows) to encrypt files. Files are encrypted using the RC4 algorithm. The
encryption key is then encrypted using an RSA public key 1024 bits in length
which is in the body of the virus."

  According to this thread on the gpcode forum:
the readme.txt files containing the ransom key are identical in every
directory on the infected computer, suggesting that there is indeed a unique
per-host RC4 key.

  According to 
every file encrypted by the virus grows by 8 bytes, so it looks like it uses
an IV.  But that didn't help with WEP...

Can't think of a witty .sigline today....

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list