COMSEC: June 2008 Archives


June 11, 2008

Aside from being kind of pointless, an attempt to crack Gpcode's RSA key has a real negative externality, as Terence Spies pointed out to me today. Once you've bothered to build a big distributed RSA key cracking system (this assumes of course that this is practical, which isn't clear), there's a temptation to use it, and there are lots of 1024-bit and smaller RSA keys floating around in the world. It's not at all clear that the benefit from cracking the public key used for a single piece of ransomware exceeds the cost of a crack of long-term keys used for legitimate purposes.

June 10, 2008

Gpcode is a "ransomware" virus that infects your machine, encrypts your data under some RSA public key, and asks you to pay money to get the decryption key. Kaspersky Labs is trying to start a project to crack the public key, which would allow them to recover the data. According to Kaspersky, they broke an earlier key because it wasn't generated securely, but it sounds like they're trying to attack this one directly. This seems pretty unscalable. Even if they do manage to factor the RSA modulus—which seems unlikely unless they gather a pretty surprising amount of computing power—whoever is releasing the virus can just create a new, longer, public key. The whole point of cryptography is to give an insurmountable advantage to the defender. That's not going to change just this time because the people using cryptography are mean.
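To put rough numbers on that asymmetry, here is an added example (not part of the original post) that compares how factoring effort and key-holder cost grow with modulus size. It assumes the standard heuristic running time of the general number field sieve with the o(1) term dropped, and a textbook cubic cost for the private-key operation; the function names and the sample sizes are chosen for illustration.

```python
import math

def gnfs_log2_work(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS cost L_n[1/3, (64/9)^(1/3)].

    The o(1) term is dropped, so absolute values are not operation
    counts; only differences between modulus sizes are meaningful.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work_nats = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_nats / math.log(2)

def keyholder_cost_factor(old_bits: int, new_bits: int, exponent: int = 3) -> float:
    """Growth in the key holder's per-operation cost.

    Assumption: schoolbook arithmetic, where a private-key operation
    scales roughly with the cube of the modulus length.
    """
    return (new_bits / old_bits) ** exponent

def asymmetry(old_bits: int, new_bits: int) -> tuple[float, float]:
    """Return (log2 of extra factoring work, log2 of extra key-holder cost)."""
    attacker = gnfs_log2_work(new_bits) - gnfs_log2_work(old_bits)
    keyholder = math.log2(keyholder_cost_factor(old_bits, new_bits))
    return attacker, keyholder

if __name__ == "__main__":
    base = 1024  # sample size; the post does not state Gpcode's key length
    for bits in (1024, 1536, 2048):
        attacker, keyholder = asymmetry(base, bits)
        print(f"{bits:5d} bits: factoring work x2^{attacker:5.1f}, "
              f"key-holder cost x2^{keyholder:4.1f}")
```

Going from 1024 to 2048 bits multiplies the estimated factoring work by about 2^30 while the key holder pays a factor of about 8 per private-key operation, which is the imbalance the post describes.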