The Fungi wrote:
On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
The key size would imply PKI; that being true, then the ransom may
be for a session key (specific per machine) rather than the
master key it is unwrapped with.
Per the computerworld.com article:
"Kaspersky has the public key in hand ? it is included in the
Trojan's code ? but not the associated private key necessary to
unlock the encrypted files."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818
This would seem to imply they already verified the public key was
constant in the trojan and didn't differ between machines (or that
I'm giving Kaspersky's team too much credit with my assumptions).
Sure. however, if the virus (once infecting the machine) generated a
random session key, symmetric-encrypted the files, then encrypted the
session key with the public key as part of the "ransom note" then that
would allow a single public key to be used to issue multiple ransom
demands, without the unlocking of any one machine revealing the "master
key" that could unlock all of them.
giving away your entire extortion capability to the first person to pay
up doesn't seem sane, if you could as easily make each machine a unique
proposition...
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]