Cypherpunks,
Reese asks if KOH is still 40 bit. No, I am not aware that it
ever was.
from the Giant Black Book of Computer Viruses:
QUOTE
KOH uses the ... (IDEA) to encrypt and decrypt data. IDEA uses a
16-byte key (that's 8 bits X 16 = 128 bits Reese - GLJ) to encrypt
and decrypt data 16 bytes at a time. KOH maintains three separate 16-byte
keys, HD_KEY, HD_HPP and FD_HPP.
In addition to the 16-byte keys, IDEA accepts an 8-byte vector
called IW as input. Whenever this vector is changed, the output of
the algorithm changes. KOH uses this vector to change the encryption
from sector to sector. The first two words of IW are set to the values of CX
and DX needed to read the desired sector with INT 13H. The
last two words are not used.
Since KOH is highly optimized to save space, the implementation
of IDEA which it uses is rather convoluted and hard to follow. Don't
be surprised if it doesn't make sense, but you can test it against
a more standard version written in C to see that it does indeed work.
Since a sector is 512 bytes long, one must apply IDEA 32 times,
once to each 16-byte block in the sector, to encrypt a whole sector.
When doing this, IDEA is used in what is called "cipher block
chaining" mode. This is the most secure mode to use, since it uses
the data encrypted to feed back into IW. This way, even if the sector
is filled with a constant value, the second 16-byte block of encrypted
data will look different from the first, etc., etc.
UNQUOTE
When I accessed KOH on my computer, my antivirus (McAfee) pointed
out that it was the KOH virus. I was even using a rather old virus
data file at the time. This means that the virus part of the KOH
needs work. It needs stealth methods and it might be necessary to
write a polymorphic virus generator tailored specifically to KOH to
evade the antivirus string scanners.
Yours Truly,
Gary Jeffers
BEAT STATE!!!!
Terrorists are fashion victims. They fail to dress for success.
Support the Head Foundation. Give all that you can.
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
