| Why are we wasting time even considering trying to break the public key?
|
| If this thing generates only a single "session" key (rather, a host key)
| per machine, then why is it not trivial to break? The actual encryption
| algorithm used is RC4, so if they're using a constant key without a unique
| IV per file, it should be trivial to reconstruct the keystream by XORing any
| two large files that have been encrypted by the virus on the same machine.

This is the first time I've seen any mention of RC4. *If* they are using RC4, and *if* they are using it incorrectly - then yes, this would certainly work.

Apparently earlier versions of the same malware made even more elementary cryptographic mistakes, and the encryption was easily broken. But they learned enough to avoid those mistakes this time around. Even if they screwed up on cipher and cipher mode this time - expect them to do better the next time.
-- Jerry
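The two "ifs" in the reply above, as an added example that is not part of the original thread: RC4 under one constant key lets a file with a surviving clean copy decrypt another file, and a per-file nonce removes that property. The host key, file contents and SHA-256 key derivation are constructed assumptions, not details of the malware discussed.

```python
import hashlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling (KSA), then n bytes of output (PRGA)."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key: bytes, data: bytes, nonce: bytes = b"") -> bytes:
    """Encrypt or decrypt. With a nonce, a per-file key is derived (assumed scheme)."""
    file_key = hashlib.sha256(key + nonce).digest() if nonce else key
    return xor(data, rc4_keystream(file_key, len(data)))

def recover(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """Keystream prefix = ct_known XOR pt_known; apply it to the target file."""
    return xor(ct_target, xor(ct_known, pt_known))

# Constructed sample data: one file with a surviving clean copy, and one
# file that exists only in encrypted form.
HOST_KEY = b"constructed-host-key"
PT_KNOWN = b"%PDF-1.4 constructed file restored from an old backup copy" * 4
PT_TARGET = b"constructed contents of a file with no backup"

def demo_reused_key():
    ct_known, ct_target = rc4(HOST_KEY, PT_KNOWN), rc4(HOST_KEY, PT_TARGET)
    # The keystream cancels: C1 XOR C2 == P1 XOR P2, so the key is never needed.
    leak = xor(ct_known, ct_target) == xor(PT_KNOWN, PT_TARGET)
    return leak, recover(ct_known, PT_KNOWN, ct_target)

def demo_per_file_nonce():
    # Different nonce per file gives unrelated keystreams; recovery fails.
    ct_known = rc4(HOST_KEY, PT_KNOWN, nonce=b"file-0001")
    ct_target = rc4(HOST_KEY, PT_TARGET, nonce=b"file-0002")
    return recover(ct_known, PT_KNOWN, ct_target)

if __name__ == "__main__":
    print(demo_reused_key())
    print(demo_per_file_nonce() == PT_TARGET)
```

XORing two ciphertexts alone yields the XOR of the two plaintexts; the known plaintext is what turns that into a usable keystream prefix, and recovery only reaches as far as the known file is long.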