Re: A call for aid in cracking a 1024-bit malware key

2008-06-11 Thread Steven M. Bellovin
On Wed, 11 Jun 2008 15:58:26 -0400
Jeffrey I. Schiller [EMAIL PROTECTED] wrote:

> I bet the malware authors can change keys faster than we can factor
> them...
 
To put it mildly.  They can even set up sophisticated structures to
have lots of keys.

Let's put it like this: suppose you wanted to use all of your
cryptographic skills to do such a thing.  Do you think it could be
cracked?  I don't...

Btw -- see http://blogs.zdnet.com/security/?p=1259 for more details.


--Steve Bellovin, http://www.cs.columbia.edu/~smb

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: A call for aid in cracking a 1024-bit malware key

2008-06-11 Thread Ivan Krstić

On Jun 11, 2008, at 10:04 PM, Steven M. Bellovin wrote:

> Let's put it like this: suppose you wanted to use all of your
> cryptographic skills to do such a thing.  Do you think it could be
> cracked?  I don't...



Exactly right. After Storm, I don't think anyone reasonable still  
believes that there's no talent in the black hat community. So even if  
this particular piece of malware has implementation issues, the next  
version won't. And then what?


Focusing on the crypto is just missing the point entirely, although I  
suppose it grabs headlines. But the problem at hand has nothing to do  
with crypto, and  everything to do with the fact that our desktop  
security systems are fundamentally broken[0]. There is _no_ _reason_  
that a piece of malware executing silently in the background should  
have access to the user's files without interaction or approval from  
the user. And you can't maliciously encrypt files you can't access.


We know how to build systems that are both drastically more secure and  
more usable than the ones in use today[1]. I wonder if a proliferation  
of headline-grabbing threats like cryptographic ransomware will help  
overcome the OS vendor inertia.



[0] See first half of http://radian.org/~krstic/talks/2007/auscert/slides.pdf. Note: I'm no longer affiliated with OLPC.


[1] E.g. http://en.wikipedia.org/wiki/CapDesk, http://en.wikipedia.org/wiki/Polaris_(computer_security), http://en.wikipedia.org/wiki/Bitfrost


--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org



Re: A call for aid in cracking a 1024-bit malware key

2008-06-09 Thread James Muir

Steven M. Bellovin wrote:

> According to
> http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9094818intsrc=hm_list%3E%20articleId=9094818intsrc=hm_list
> some new malware is encrypting files with a 1024-bit RSA key.  Victims
> are asked to pay a ransom to get their files decrypted.  So -- can
> the key be factored?


I saw a similar story reported on Slashdot a few days ago.  I wonder if 
the malware authors cited Adam Young and Moti Yung?  They hypothesized 
about such malware a few years ago:


http://en.wikipedia.org/wiki/Cryptovirology

-James
