On Wed, Jun 11, 2008 at 11:53:54AM -0400, Leichter, Jerry wrote:
> Returning to the point of the earlier question - why doesn't someone
> pay the ransom once and then use the key to decrypt everyone's files:
> Assuming, as seems reasonable, that there is a "session" key created
> per machine and then encrypted with the public key, what you'd get
> for your ransom money is the decryption of that one session key.
> Enough to decrypt your files, not useful on any other machine.
>
> There's absolutely no reason the blackmailer should ever reveal the
> actual private key to anyone (short of rubber-hose treatment of some
> sort).

Maybe I missed it in one of the articles, but was it stated that the
blackmailer did reveal a private key? Couldn't they simply request
the encrypted data and return the decrypted version?
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP([EMAIL PROTECTED]); IRC([EMAIL PROTECTED]); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER([EMAIL PROTECTED]);
MUD([EMAIL PROTECTED]:6669); WWW(http://fungi.yuggoth.org/); }
---------------------------------------------------------------------
The Cryptography Mailing List