undefined | Better HN

0 pointsdredmorbius4y ago0 comments

At some point there's a functional mapping from key to indicia.

Releasing "lots of malware" either means a finite keyset, or a key-generation mechanism. At least as I see it.

(I'd really like to find a detailed analysis of the malware software. There was an earlier version of the Darkside attack which used a weak mechansim for key generation.)

0 comments

adrian_b4y ago

They would normally use a key-generation mechanism, but knowing that is not helpful at all.

A typical key-generation mechanism would be for each malware copy to have a serial number and the keys to be generated by encrypting the serial number, e.g. with AES, using another secret key.

Even if you know precisely the serial number of a copy and how the per-copy keys are generated by the attacker, you do not know the attacker's secret key used for key generation, so this is a dead end.

dredmorbiusOP4y ago

How would the malware itself generate, or verify, the decryption key without the secret key?

This is the distributed-secret-key problem.

j / k navigate · click thread line to collapse