On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote: > The key size would imply PKI; that being true, then the ransom may > be for a session key (specific per machine) rather than the > master key it is unwrapped with.
Per the computerworld.com article: "Kaspersky has the public key in hand ? it is included in the Trojan's code ? but not the associated private key necessary to unlock the encrypted files." http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818 This would seem to imply they already verified the public key was constant in the trojan and didn't differ between machines (or that I'm giving Kaspersky's team too much credit with my assumptions). -- { IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657); SMTP([EMAIL PROTECTED]); IRC([EMAIL PROTECTED]); ICQ(114362511); AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER([EMAIL PROTECTED]); MUD([EMAIL PROTECTED]:6669); WWW(http://fungi.yuggoth.org/); } --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
