[125801] in cryptography@c2.net mail archive
Re: Ransomware
daemon@ATHENA.MIT.EDU (The Fungi)
Wed Jun 11 14:17:34 2008
Date: Wed, 11 Jun 2008 15:59:23 +0000
From: The Fungi <fungi@yuggoth.org>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <Pine.SOL.4.61.0806111150470.24323@mental>
On Wed, Jun 11, 2008 at 11:53:54AM -0400, Leichter, Jerry wrote:
> Returning to the point of the earlier question - why doesn't someone
> pay the ransom once and then use the key to decrypt everyone's files:
> Assuming, as seems reasonable, that there is a "session" key created
> per machine and then encrypted with the public key, what you'd get
> for your ransom money is the decryption of that one session key.
> Enough to decrypt your files, not useful on any other machine.
>
> There's absolutely no reason the blackmailer should ever reveal the
> actual private key to anyone (short of rubber-hose treatment of some
> sort).
Maybe I missed it in one of the articles, but was it stated that the
blackmailer did reveal a private key? Couldn't they simply request
the encrypted data and return the decrypted version?
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
---------------------------------------------------------------------
The Cryptography Mailing List