Ransomware arseholes
-
You're not breaking 2048-bit RSA. The data is gone.
Eh..maybe. IIRC, RSA cryptography is limited to encrypting data with a size < bits(key). The ideal use (in the encrypting-things context) is for very small messages[1], or as part of a key exchange mechanism[2]. With a lot of data, such as may exist on a typical Windows hard drive, I wouldn't be surprised if there were a way to recover the key some way other than factoring. If they use an appropriate padding scheme, it may be a bit harder to crack, but in this context I shouldn't think the difference would amount to much.
[1]: ... where it doesn't matter if @Eve can recognize a message she knows, and/or resend it.
[2]: ... where the key is for a more suitable algorithm like AES.
-
According to a current article in the c't, for RSA to be as secure as AES-256, you'd need a key of 15,360 bit.
-
According to a current article in the c't, for RSA to be as secure as AES-256, you'd need a key of 15,360 bit
Barring any major developments in cracking AES, that's likely to get worse over time too (in the specific case, because attacks on RSA are outpacing attacks on AES, and generally because RSA doesn't scale well by key size (I think the improvement in security per bit added to the key is less than O(n))).
Note: I am speaking at least partially out of my elgiu here, so if you want sources good enough to satisfy the rat, I'd have to go look for them just like you would.
-
-
RSA can be decrypted with a different key than it was encrypted with, but AES can't. You're comparing a secure mailbox to a safe.
-
Wow, it even says yunikoon zerii on the top!
-
hmm.... i remember that comic.... it was a weird one. did it ever finish?
-
/me plans to see if she can find a hedgehog picture that would thematically work, also a similar picture of a red slime.
Here, I color-shifted the slime to take care of half your search:
-
/me bookmarks that and continues looking for a 'shopable hedgehog pic
-
You're comparing a secure mailbox to a safe.
That was kinda-sorta my point. For the way it's supposedly used here, RSA is not the right choice (which is potentially good for the OP).
-
Naw, that's exactly what they said as well in the article - I actually omitted the word 'current', the algorithm's strength does indeed not scale linearly with the key size.
EDIT: Removed random E-Mail leftovers -a
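The sub-linear scaling discussed in the posts above, as an added example that is not part of the thread. It evaluates the standard heuristic running time of the general number field sieve with the o(1) term dropped, so the absolute figures are rough and do not reproduce the 15,360-bit table value quoted above; the function names are this example's own.

```python
import math

# Heuristic GNFS cost for factoring an n-bit modulus N:
#   exp( (64/9)^(1/3) * (ln N)^(1/3) * (ln ln N)^(2/3) )
# The o(1) term is dropped (assumption), so treat results as rough.
GNFS_CONSTANT = (64 / 9) ** (1 / 3)


def gnfs_bits(modulus_bits: int) -> float:
    """Estimated factoring work for an RSA modulus, as log2(operations)."""
    ln_n = modulus_bits * math.log(2)
    work = GNFS_CONSTANT * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


def modulus_bits_for(target_bits: float) -> int:
    """Smallest modulus size whose estimated work reaches target_bits."""
    lo, hi = 512, 1 << 17
    while lo < hi:  # gnfs_bits is monotonic, so bisection is enough
        mid = (lo + hi) // 2
        if gnfs_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for size in (1024, 2048, 3072, 7680, 15360):
        print(f"RSA-{size:<6} ~2^{gnfs_bits(size):.0f} operations")
    # Doubling the symmetric-equivalent strength costs far more than
    # doubling the RSA key length.
    for strength in (128, 256):
        print(f"{strength}-bit strength needs ~{modulus_bits_for(strength)}-bit RSA")
```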
-
IIRC, RSA cryptography is limited to encrypting data with a size < bits(key).
That's true, but only in the same way that AES-128 can only encrypt 16 bytes at a time.
In any encryption scheme, the plaintext is padded and divided into blocks, the cryptographic primitive (RSA, AES, etc.) is performed on each block, and the results are combined in some way. There are many different ways of doing this, with varying levels of security.
In the case of RSA, RSAES-OAEP is secure against chosen plaintext attacks. Knowing what some of the data on the hard drive is will not help you break the key or decrypt the rest.
-
Yeah, about twelve years ago, actually. She wrote a second, related series called Pastel Defender Heliotrope from 2004 to 2008, too, as well as yet another related strip called To Save Her that I think finished in 2009.
-
hmm i may look those up again.
-
i have yet to meet a virus/trojan/malware that can survive a good DBAN session.
They're not very widespread. Yet.
Nevertheless: http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html
-
Keep us posted on what you find and how much you can recover.
Still waiting for the customer to get back to me with samples of original files, so I've made no progress with the Panda Ransomware Decrypter.
PhotoRec, on the other hand, is looking quite promising. It's been running against my block-for-block image of the original HD for 24 hours now, and it's recovered half a million files. A random sampling of the bigger ones shows that most of them are JPEGs and movies in apparently perfect condition.
Once PhotoRec has finished, I'll dedupe the collection and then see how much of the stuff the customer values has actually been resurrected.
-
Still waiting for the customer to get back to me with samples of original files, so I've made no progress with the Panda Ransomware Decrypter.
Waiting for customers is usually a very long and tiring process! I hope you have coffee ready!
A random sampling of the bigger ones shows that most of them are JPEGs and movies in apparently perfect condition.
Oh boy, sounds like a job for this emote:
Filed Under: I hope the customer had good taste!
-
oh they get plenty of that before hand. i only accept computers to fix that i provided them in the first place. and you got a good lesson about online security and were told i would be happy to provide additional training at any point. You also got a followup call a couple of weeks after i sold you the computer.
if you got a virus then you already blew that.
I do hope you never kill a Jew, @accalia, because I'm sure you wouldn't be able to stop at just one.
Filed under: why not @godwinbot
-
-
look, you asked me to solve the virus problem. i solved it.
"Well, sir, it seems like our experimental AIDS treatment worked. You're a healthy man now."
"Oh, thank you so much, Doc!"
"Now, since I don't want you to catch the virus again, I want you to have this cactus. If you ever want to have sex, instead of finding yourself a potentially infected girl, just go and fuck this cactus."
"What? Uh, I think I'd rather take my chances..."
"Nope, doctor's orders! In fact, we've already started a hormonal treatment to make you specifically attracted to cacti. Just give it a month and you'll never want to go back to screwing girls again!"
"WHAT?! I didn't agree to that! I'm suing your hospital immediately!"
"Aw come on, you haven't even tried it! At least give it a hug!"
"You know what? Let me just show you where you can stick that fucking cactus... "
-
Turn the doctor into and then get this onto the front page. Please?
-
Let me just show you where you can stick that fucking cactus
By God that training takes hold quickly.
-
Any chance of using recovered JPEG files for Panda's original/encrypted analysis? Or does it only work with plain text?
-
Good thought.
PhotoRec just makes up names for the files it recovers, so it's kind of hard to know which recovered one goes with which original.
The de-dupe pass over 800GB of recovered files is still running. Once it's done, I'll see about finding some recovered jpegs whose sizes uniquely match encrypted ones, and have a crack. But I'm really not expecting much from the Panda thing, unless we're lucky enough to be dealing with a really early and buggy version of the malware.
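One way to do the size matching described in this post, as an added example that is not the poster's own script. It assumes the ransomware leaves file sizes unchanged (the premise of matching by size) and marks its output with a suffix; `.encrypted` is a hypothetical placeholder, since the thread does not name one.

```python
import hashlib
import os
from collections import defaultdict

ENCRYPTED_SUFFIX = ".encrypted"  # hypothetical placeholder, not from the thread


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large movies do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def files_by_size(root, suffix=""):
    """Map size in bytes -> paths under root whose names end with suffix."""
    index = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.endswith(suffix):
                path = os.path.join(dirpath, name)
                index[os.path.getsize(path)].append(path)
    return index


def candidate_pairs(recovered_root, encrypted_root,
                    suffix=ENCRYPTED_SUFFIX, min_size=4096):
    """Return (recovered, encrypted) pairs whose size is unique on both sides.

    The same content carved more than once counts as one recovered file.
    Small files are skipped because their sizes collide too often.
    """
    recovered = files_by_size(recovered_root)
    encrypted = files_by_size(encrypted_root, suffix)
    pairs = []
    for size in sorted(set(recovered) & set(encrypted), reverse=True):
        if size < min_size or len(encrypted[size]) != 1:
            continue
        distinct = {}
        for path in sorted(recovered[size]):
            distinct.setdefault(sha256_of(path), path)
        if len(distinct) == 1:
            pairs.append((next(iter(distinct.values())), encrypted[size][0]))
    return pairs
```

Pairs come out largest first, since bigger files are less likely to share a size by coincidence.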
-
[img]https://what.thedailywtf.com/uploads/default/original/3X/b/b/bb285a544cebed8d3a5758b175fcbcc63809baf9.png[/img]
"Hi, girls! My name is Drippy, and I'm here to talk to you about your changing body..."
// what the fuck, Dipshitbatteryhose, I can't highlight an image and quote it? FUUUUUU
-
PhotoRec just makes up names for the files it recovers, so it's kind of hard to know which recovered one goes with which original.... I'll see about finding some recovered jpegs whose sizes uniquely match encrypted ones
Yeah, I figured the filenames were lost, but it's something to start from.
I'm imagining you narrowing down the search by asking the customer, "Hey, I recovered these naughty pictures of your secretary. Do you remember which folder you kept them in?"
Not likely to happen, but it was fun to imagine.
(actually, the movie files might be easier on account of there being fewer files of comparable size to what you're searching for...)
-
Any chance of using recovered JPEG files for [s]Panda's original/encrypted analysis[/s] your own blackmail racket?
-
Use the speech balloon button in the editor, then prune what you don't want to quote:
@Lorne_Kates said:
@abarker said:
[img]https://what.thedailywtf.com/uploads/default/original/3X/b/b/bb285a544cebed8d3a5758b175fcbcc63809baf9.png[/img]
"i am Dippy"
// what the fuck, Dipshitbatteryhose, I can't highlight an image and quote it? FUUUUUU
-
Use the speech balloon button in the editor, then prune what you don't want to quote:
That's easier than copying the relevant parts out of the raw, in many cases.
-
Use the speech balloon button in the editor, then prune what you don't want to quote:
But what about those poor users on mobile?
-
That's different.
-
That's different.
That's kind of turning into the Discurse version of Who's on Frist.
-
That's different.
Well, mobile Discourse is... different.
And not exciting different, fun different, or even quirky but interesting different. More "developmentally challenged, drooling in the corner" quote-unquote different.
-
More "developmentally challenged, drooling in the corner" quote-unquote different.
Discourse is truly the forum of the future. (It sure isn't the forum of the here and now.)
-
Discourse is truly the forum of the future.
We have a term for such future. It's called "dystopia".
-
Discourse is truly the forum of the future
Yeah, it's designed for a time which is always 10 years away.
-
So Jeff is Bloody Stupid "it might look like a mess of javascript frameworks now but come back in [s]500[/s] 10 years" Johnson?
-
-
And not exciting different, fun different, or even quirky but interesting different. More "developmentally challenged, drooling in the corner" - different.
FTFY, since you already had the quotes in place.