[cryptography] Equation Group Multiple Malware Program, NSA Implicated

2015-02-16 Thread John Young

Kaspersky Q and A for Equation Group multiple malware program, in use as early
as 1996. NSA implicated.

https://t.co/bByx6d25YF
https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

Dan Goodin: How “omnipotent” hackers tied to NSA
hid for 14 years - and were found at last


http://t.co/0n1D05GOFN
http://ars.to/1EdOXWo


___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] Equation Group Multiple Malware Program, NSA Implicated

2015-02-16 Thread ianG

On 16/02/2015 20:39 pm, John Young wrote:

Kaspersky Q and A for Equation Group multiple malware program, in use as early
as 1996. NSA implicated.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf


Once we take the brave step of downloading the pdf, it adds yet another 
indication [0] that the NSA is engaged in undeclared war against all and 
any cryptographic suppliers:




page 21
Victims generally fall into the following categories:
 * (usual industrial suspects...)
 * Companies developing cryptographic technologies.


page 27
16. What kind of encryption algorithms are used by the EQUATION group?

The Equation group uses the RC5 and RC6 encryption algorithms quite 
extensively throughout their creations. They also use simple XOR, 
substitution tables, RC4 and AES.


RC5 and RC6 are two encryption algorithms designed by Ronald Rivest in 
1994 and 1998. They are very similar to each other, with RC6 introducing 
an additional multiplication in the cypher to make it more resistant. 
Both cyphers use the same key setup mechanism and the same magical 
constants named P and Q.


The RC5/6 implementation from Equation group’s malware is particularly 
interesting and deserves special attention because of its specifics.


(followed by discussion of an optimisation found that also allowed some 
degree of tracking to other APT groups.)







iang

[0] http://financialcryptography.com/mt/archives/001455.html
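The key setup that the quoted answer says RC5 and RC6 share, with the published 32-bit values of P and Q, written out as an added example (it is not code from either post or from Kaspersky's report). It goes one step beyond the text by scanning a buffer for those constants, the kind of check an analyst uses to spot candidate RC5/RC6 code; the function names and the sample bytes are constructed for illustration.

```python
import struct

MASK = 0xFFFFFFFF
P32 = 0xB7E15163         # Odd((e - 2) * 2**32), from Rivest's RC5 paper
Q32 = 0x9E3779B9         # Odd((phi - 1) * 2**32), golden-ratio constant
NEG_Q32 = -Q32 & MASK    # 0x61C88647: subtracting this equals adding Q32

def rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK

def initial_table(t):
    """S[0] = P, S[i] = S[i-1] + Q: where P and Q enter the key setup."""
    s = [P32]
    for _ in range(t - 1):
        s.append((s[-1] + Q32) & MASK)
    return s

def expand_key(key, t):
    """Key setup shared by RC5 (t = 2r + 2 words) and RC6 (t = 2r + 4)."""
    c = max(1, (len(key) + 3) // 4)
    l = list(struct.unpack("<%dI" % c, key.ljust(4 * c, b"\0")))
    s = initial_table(t)
    a = b = i = j = 0
    for _ in range(3 * max(t, c)):
        a = s[i] = rotl((s[i] + a + b) & MASK, 3)
        b = l[j] = rotl((l[j] + a + b) & MASK, a + b)
        i, j = (i + 1) % t, (j + 1) % c
    return s

def find_constants(blob):
    """Offsets of little-endian P, Q and -Q immediates (a hint, not proof)."""
    hits = {}
    for name, value in (("P32", P32), ("Q32", Q32), ("-Q32", NEG_Q32)):
        needle = struct.pack("<I", value)
        pos = blob.find(needle)
        while pos != -1:
            hits.setdefault(name, []).append(pos)
            pos = blob.find(needle, pos + 1)
    return hits

# Constructed x86 bytes: nop; nop; mov eax, P32; sub eax, NEG_Q32; ret
SAMPLE = bytes.fromhex("9090" "b86351e1b7" "2d4786c861" "c3")

if __name__ == "__main__":
    print([hex(w) for w in initial_table(3)])
    print(len(expand_key(bytes(16), 26)), len(expand_key(bytes(16), 44)))
    print(find_constants(SAMPLE))
```

Q32 is also the delta constant in TEA and appears in many hash-mixing routines, so a Q hit without P nearby is weak evidence of RC5/RC6.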