
How to extinct humanity

teaching essential knowledge to tomorrows youth

Posts tagged with "virus"

cracking Gpcode


Some days ago Kaspersky Lab announced the challenge of cracking an RSA 1024-bit key, which a trojan horse uses to encrypt user files. The victim is then offered the chance to buy a decryption tool from the creator (vicious).

Along with antivirus companies around the world, we're faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge. We estimate it would take around 15 million modern computers, running for about a year, to crack such a key.

Of course, we don't have that type of computing power at our disposal. This is a case where we need to work together and apply all our collective knowledge and resources to the problem.

So we're calling on you: cryptographers, governmental and scientific institutions, antivirus companies, independent researchers…join with us to stop Gpcode. This is a unique project – uniting brain-power and resources out of ethical, rather than theoretical or malicious considerations.


http://www.viruslist.com/en/weblog?weblogid=208187528

If you read the description of the malware at http://www.viruslist.com/en/viruses/encyclopedia?virusid=313444 you'll find that the files are actually encrypted with an RC4 cipher, and the key for that is encrypted with RSA in the trojan itself.

Knowing that, several easier approaches should come to mind than cracking the RSA encryption within one year or more (depending on the number of computers used).

  • RC4 has various shortcomings which should make it far easier to attack than RSA

    RC4 falls short of the standards set by cryptographers for a secure cipher in several ways, and thus is not recommended for use in new applications.

    http://en.wikipedia.org/wiki/RC4#Security
    Remember that for most file types you know a file header that is always present.
  • On the forum which was set up by Kaspersky Lab, "contrulguy2" describes what he calls a "biggest-known-plain-text - attack": just throw a huge file, of which you have a backup, at the malware and look what happens: http://forum.kaspersky.com/index.php?showtopic=72179
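
The known-plaintext idea behind both list items, as an added example that is not part of the original post or of the forum thread. It assumes the trojan reuses one RC4 keystream for every file, which neither this page nor the linked description confirms; the key, file contents and function names are constructed for illustration.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    return xor(data, rc4_keystream(key, len(data)))

def recover_keystream(backup: bytes, encrypted_copy: bytes) -> bytes:
    """Plaintext XOR ciphertext of the same file is the keystream itself."""
    return xor(backup, encrypted_copy)

def keystream_is_reused(ciphertext: bytes, keystream: bytes, header: bytes) -> bool:
    """Check the reuse assumption against a file type's fixed header."""
    return xor(ciphertext, keystream)[:len(header)] == header

def recover_file(ciphertext: bytes, keystream: bytes):
    """Return (recovered prefix, number of trailing bytes not covered)."""
    plain = xor(ciphertext, keystream)
    return plain, len(ciphertext) - len(plain)

# Constructed sample data; SECRET stands in for the key the victim never sees.
SECRET = b"constructed-demo-key"
BACKUP = bytes(range(256)) * 8                      # 2048-byte file with a backup
DOC = b"%PDF-1.4\n" + b"constructed document body " * 20
LONG = b"%PDF-1.4\n" + b"x" * 3000                  # longer than the backup

if __name__ == "__main__":
    ks = recover_keystream(BACKUP, rc4_encrypt(SECRET, BACKUP))
    enc = rc4_encrypt(SECRET, DOC)
    print("reuse confirmed:", keystream_is_reused(enc, ks, b"%PDF-"))
    print("document recovered:", recover_file(enc, ks)[0] == DOC)
    print("uncovered bytes:", recover_file(rc4_encrypt(SECRET, LONG), ks)[1])
```

The last line shows why the file thrown at the malware should be as large as possible: only as many bytes as the known file supplies can be recovered from any other file.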


Either there is some information missing or cracking the RSA-key is a bit stupid.

Since the malware deletes its main part after encrypting your files and saves the encryption key only in RSA-encrypted form, you cannot debug it afterwards to gain access to the key.