Slashdot Mirror
Using Distributed Computing To Thwart Ransomware
I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."
Surely all the have to do is start using a new key every so often, and the task becomes pointless?
Encourage people to make backups of their data on disc, tape, or portable harddrives. I know that's a radical idea, but it just might be crazy enough to work.
SJW: Someone who has run out of real oppression, and has to fake it.
Where's Jack Bauer when you need him ???
Votez ecolo : Chiez dans l'urne !
If only I hadn't erased Jack Bauer's cell from my contact list after the last season...
My 0.02 cents
I'm glad at the enormous figures involved here (one year x 15 million computers). Hopefully, it'll teach people to backup systematically, cleanly and frequently - after all, the arms race on malware/virii has led to better computer security policies and techniques, even if there were many casualties.
Commodore64_love: I don't comprehend people who're so frightened of death that they'll bankrupt themselves to stay alive
Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.
That depends on whether you think it is acceptable to compel someone to reveal something like that. If, as for example in the US, someone cannot be forced to incriminate himself, then he can just refuse and there is no further recourse. That is, if the only way of getting information out of someone is to ask them nicely for it.
Nobody has the balls to use force anymore.
Us: Pretty please give us the private key so we can get our crap back
Them: stuff it
Us: oh, ok. thanks anyway
How are we going to do that? Everyone knows that things aren't nearly as fun as they used to be... people are even complaining about waterboarding now! what's this world coming to? Shoot, I remember when you could put a man on the rack - no problem.
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
But, surely the writers of the malware are also partly to blame.
Oh, wait...
The people who did that sit in a country ending in -stan. Countries ending in -stan have real problems and don't care for problems their citizens cause abroad.
You can trust me on that one, I've tried. I've even had so much as the name of the person to prosecute. Nothing came out of it. Despite including our federal police and interpol.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How? I thought torture was disallowed.
---- Booth was a patriot ----
They are best off using a large botnet then. Perhaps modify the extortion virus itself so that it's part of solution rather than part of the problem.
Is ti just me or does anyone else see the irony of a Russian dating service ad on /. shortly after the conclusion of the Reiser trial?
The sadists who ran Saddam's network of torture and death chambers are out of work at the moment.
.... persuade these people to talk.
Surely they could be employed to
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
15 million CPU years per key? And the attacker can just make up new keys as often as he likes. He could even make a different key for each target if he wanted.
15 million CPU years is a lot to spend when you could just restore from backups.
The size of the keyspace doubles per bit, 2^1024 is the size of keyspace.. Brute factoring the key is not happening..
*BOOM* HEADSHOT!
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
Perhaps in jail, on DUI charges?
Fortunately, we had Interbank Data Recovery Services. And Interbank does more than just acquire the decryption key.
That's because Interbank vows to find out who sent you the ransom and hunt them down like animals. Like filthy, dirty animals. That's the Interbank difference. See, I don't care how Interbank's secret police get things done. I just care that they get things done. For us.
Plus, because we'd enrolled in their Premiere Membership program, Interbank also hunted down friends and relatives of the guy who had encrypted our data, dragged them from their beds in the middle of the night, and set fire to their homes.
As long as security is valued at zero dollars when the IT bean counters are evaluating platforms and vendors crapware will proliferate.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Don't forget the corollary.
... how about just including a simple script that will look at how it's installed TODAY and back it up to a location chosen by the user? And then that script will generate a script to install that backup should you need it to. Along with license keys and decoding keys and unlocking keys, etc.
Encourage the application writers to make their applications EASY TO BACKUP.
The problem I keep seeing is that TELLING someone to back up their data is easy to do. FINDING ALL of the data is just about impossible.
You'll never know if you got it all until AFTER a problem.
Or even
The screenshot at http://news.cnet.com/8301-10784_3-9965381-7.html?tag=nefd.top says that the victim pays to download a 'decryptor'. Either the decryptor contacts, in real time, the extortionist (at a server location that can be linked to them), or the private key is included in the decryptor program, and should be able to be sussed out...
I've been an advocate for this method for quite some time. "Tell me Mr. Extortionist, how can your write a virus with ten broken fingers?..."
So, there are two possibilities here:
Either way, this seems like a pretty strong (if harsh) lesson for end users. If #1, use better software, like your geek friends have been telling you this for years. That doesn't have to mean installing Ubuntu; it could just mean upgrading from IE6 to Firefox (or IE7), or from Outlook Express to Thunderbird (or Gmail). If #2, then haven't you been told about 1,000 times not to do that? Now do you see why?
I truly feel bad for people who get nailed for this, in almost exactly the same way I feel bad for my kids when they touch the stove after I've told them it was hot.
Dewey, what part of this looks like authorities should be involved?
Since the virus seems to only use one key, can't we just infect a file with known content and reverse the key by comparing the original/infected versions?
If we take known data and expose it to this virus, it will encrypt it so well that it takes 15 million computers to figure out the key?
I assume the folks at Kaspersky labs know what they are doing, but known data? Even if we get several samples of known data and compare it to it's encrypted counterpart, it takes 15 million computers?
I mean Colossus only had suspected known data, such as, "Nothing to report" and broke the enigma code. That's impressive!
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
When we do find that guy, we can waterboard him to get the private key. According to the man, that's not torture!
Why are government bodies so busily working on pointless shit like this, when instead they could be doing work that actually brings value to society ... like shutting down the money pipe that keeps spammers and extortionists (of all kinds) in business? Can't somebody just invoke the specter of scary terrorists and money being funneled to Osama or something?
If libertarians are so opposed to effective government, why don't they all move to Somalia?
So the encryption is sound, but did he just delete the old files after encrypting them or did he scrub the drive too.
Someone try to undelete the files with a disk recovery tool and see what you get. Just because the file is encrypted does not mean that the original was correctly destroyed.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
If it takes less then 15 megayears to generate a fresh key, the attacker has already won.
I suppose if the file in question was something like a manuscript for a novel, where the owner can more or less verify it by eye, and (importantly) there isn't that much downside if our opponent sneaks some changes in, that might be worthwhile. But in general...
"Not an actor, but he plays one on TV."
AKA Rubberhose Decryption. Works every time.
There are a lot of idiots reading /. these days. i bow to all of your superior abilities to backup all of your files, constantly so that you will never, ever possibly lose a bit of data. Sorry, I meant to say that you're a bunch of wankstains.
Salut,
Jacques
Isn't that the way most frauds are cracked - by finding out where the money goes? Or is this particularly nasty SPECTRE-like extortion not illegal in the country of origin?
1. Track down the virus' creator.
2. Encrypt his/her data with a similar algorithm plus a key logger.
3. The keylogger phones home with the key the perpetrator used to decrypt his/her data.
4. Profit!
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
They might talk, but if there are any passwords involved, they are protected by the 5th amendment from having to divulge them.
Colin Dean Go a year without DRM
Is it targeted manually, or is it a specifically directed attack? If it's out in the wild being spread [cough] virally, rather than being inserted into specific targets, then what happens when a mobster's double book accounting system gets infected. Some people have mentioned ruthless CEO's - but if this infected the wrong system, these folks could have someone after them with no restraint, deep pockets, and the resources and experience to root them out. Do I smell a TV movie in the offing?
This virus only affects people running a Windows operating system. Having left Windows for Ubuntu Linux long ago, two phrases apply here:
1. Not my problem
2. A lack of planning on your part does not constitute an emergency on my part
Sorry, but that's the way it is. You want to wear the chains Mr. Gates has provided for your wrists? Be thankful for the scraps you get from the master's table, and don't cry about your floggings.
...still there's no real proof for the authenticity of the keys. infections are rare... who tells me that these aren't keys used by some CA. or anything else important.
For the Registry, you can "export" the entries for that app to a file and, later, you can import that file into the Registry.
The problem with the Registry is the same as you've noted with the file system. Stuff gets put EVERYWHERE. And there is no way to KNOW that you have EVERYTHING until AFTER you attempt to restore it. AND that doesn't include anything "updated" when you get a patch or point-zero-one release "upgrade".
Now, the installer can put that stuff everywhere
And I don't want to hear that that is to prevent "piracy". Just encrypt the stuff with the unlocking key or whatever. That way I can keep a TEXT file of app-name -- key code on my USB drive along with the backups.
Then I got a virus.
Since then, I make regular backups. Back in my childhood I did regular backups of my family's computer.
Then we got a virus.
Then we realized that the virus was a time bomb that was already present in dormant form even in the oldest several-months old backups.
Sometimes you have parents that are both computer geeks, and they teach you the important of offline backups. Never the less, shit happens anyway.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Although, you have to admit, retrieving your backup tapes from the Phoenix Lander is going to be a tad more expensive than the usual backup plans. More so if civilisation on earth has collapsed.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Where's Jack Bauer when you need him ???
Recovering from post traumatic stress disorder, a number of wounds, and radiation poisoning.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
The article mentioned that despite the IP addresses of the email are from China, the fact is the people behind the GPcode campaign are Russian. That makes me wonder that how many computers in China has been turned into Russian zombies. That may well explain the reason why most attacks against U.S. Government networks are originated in China.
"The New Age. The New Beginning."
Why waste time factoring RSA?? The RSA simply wraps an RC4 key.
RC4 brute force is far easier. There are several known problems with RC4 which may possibly work to our advantage in cracking the data as well..
I said no... but I missed and it came out yes.
I don't know, but I bet there's a lady chained to a radiator, crying, somewhere near by.
It would be far more energy efficient to find the perp and lightly tap his kneecaps with a hatchet from the local hardware store...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Enterprise-level backup apps are almost always 3rd-party, not "some kind of unreliable M$ thing". Any serious solution also has a means to restore to bare metal, so in effect you need no OS at all to do this.
(and when was the last time anybody kept any current work on a floppy? Cripes - 1992 called and they want their backup devices back).
Quo usque tandem abutere, Nimbus, patientia nostra?
cant that be used to bruteforce that keys MUCH faster? i mean,from what i read its like.. 20 times faster than a regular pc cpu
Factoring a 1024-bit RSA modulus would be a major achievement. The current record seems to be 663 bits.
2008 called. They said lots of people these days keep important documents on USB keys which are often multiple gigabytes in size and work for emergency backups/transfers just fine for ordinary folks with ordinary amounts of data.
"...track down the people who wrote the virus and force them to talk."
Or, more likely, beat them within an inch of their life, break their fingers, cut off their toes...then ask them for the key or else you will get really nasty.
These geeks aren't going to fear the results of their actions until they begin seeing their cohorts disappearing without a trace or being put on display as an example to the others.
Bearded Dragon
... Or people could just back up their data regularly to minimize any effect such a virus would have...?
Given the choice between fifteen million CPU years spent breaking keys and about ten minutes of breaking fingers, it seems pretty clear which one is more efficient.
Frankly, I'd be deploying 4096 bit - it's not like verifying the signature every now and then is going to bring the Internet to its knees.
"It doesn't cost enough, and it makes too much sense."
Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.
You, sir, need to stop watching 24
you'd think some enterprising spy agency could follow the money and arrest the dorks who wrote this thing... in the meantime, backup your important stuff!
-really!
Uhm, since nobody else cared to mention it. Why don't we pressure the Chinese Government to get involved. Like maybe go to the site where that email server is sitting and gain access to the computer and track down the real IP of the people sending the emails. Then go to their homes and arrest them. Then after beating them sufficiently, extradite them from country to country to be put on trial. Force the private key out of them and force them to disclose the rest of the people involved in the scheme.
Track them down and kill them.
You should probably get the private key from them first.
The problem with that is that if you didn't do it at the beginning ... and before/after every update ...
And anyone organized enough to do it at the beginning and prior to every update is organized enough to not need to do it.
It took me a bit of work, but I think I got it. Can someone double check my work? This is the key that I came up with:
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
That's where many weaknesses in cryptographic software have been found. With any luck the virus writers just borrowed the encryption code out of OpenSSL in the Debian tree.
Set your clock back, restore from backups, transfer your data while the virus is "dormant", wipe the machine and restore.
Clearly you were able to access your data during the dormant phase, or you'd have noticed the virus sooner.
"a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."
How about tracking down the people behind the Operating System and holding them to account.
davecb5620@gmail.com
I've never seen a company that uses an "M$" thing, reliable or not, mostly because the built-in backup tool in Windows has always sucked for everything other than simple personal archiving. I use it to back up my "home" directory to an external USB drive (not a floppy, those are not in use anymore), but it's less than 10GB.
There are hundreds of pro backup solutions for Windows that range from the more advanced (or simple to use) personal, to small/mid-size business and enterprise (think the massive EMC2/SAN solutions here for example). Local or remote/network, with or without schedulers, agents and so on. It's quite the active niche for many companies. If "M$" added something actually usable to Windows no doubt people like you would be at the front of the pack yelling "anti-competitive behavior" anyway.
I don't understand the rest of your post, sorry. "Many of them will simply pay and wait for their computer to fail some other way" just doesn't make any sense at all.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
(I actually did this once. Surprisingly, it worked. YMMV)
1. Plug in portable hard drive (or equall or greater size)
2. If using NT, Win2000 or XP, tell windows to reformat your *portable* drive as NTFS. (If you're using Vista, I don't think this will work)
3. Boot from a live CD (or DVD) Linux
4. Open a command or terminal window
5. Type: dd if=/dev/sda0 of=/dev/sdb0
To restore:
1. Plug in portable hard drive containing the backup
2. Boot from a live CD (or DVD) Linux
3. Open a command or terminal window
4. Type: dd if=/dev/sdb0 of=/dev/sda0
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
Kaspersky Labs should build this distributed key code into their antivirus products: there is distributed infrastructure for sending/receiving keys with update service and tons of mostly idle PCs! Kaspersky, make this version free or cheaper version than your regular AV product and voila!
Uhhhhh....let us presume for a moment that the hackers are trying to trick us into factoring a root signing authority's RSA key. Isn't it, like, bad that that's possible?
But severoon, you protest, in all but the most bizarre circumstances those keys are safe! It takes 15 million computers a year to break that key! No one person could do it!
Yea, after all, when was the last time the government corralled massive compute power to do something stupid (-ahem- tee off AT&T's web traffic and do deep packet inspection)? And when was the last time we saw a 15 million X increase in compute power (-ahem- since 10 years ago)?
I no likey this thread...it makes me nervous. I'm going to go drink away the bad thoughts.
but have you considered the following argument: shut up.
That's called a "known plaintext" attack. Good crypto isn't vulnerable to those. I don't believe there are any good known plaintext attacks for RSA, but it wouldn't matter because we don't have any *known plaintext* here (unless they have a backup of their files).
You see, they generate a RANDOM key to encrypt your stuff, then encrypt that with their public key. Because we don't have their private key, we need them to decrypt the random key so you can get your files.
If you RTFA, you'll see that they're willing to prove that they have the key by decrypting any one file for you before you pay up.
Is this some kind of clever troll? How is it "interesting"? It reads as twitter had never been inside a SME or larger. Every company I've ever worked for - including a small start-up - had comprehensive backups. My last company wasn't that big and it had 100% disk recovery across all platforms, including Windows, HPUX, IRIX, Linux, classic Mac, Mac OS X.
Patriotism is a virtue of the vicious
Data was safe. The problem was the EXE files. A huge proportion of them was infected. But went unnoticed before the time bomb activates. We had to find install floppy to reinstall all the nuked software.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
lots of companies don't allow USB keys to be used on the premises.
Corporate users - the ones twitter references - are usually the ones with access to the ultra-reliable backups.
Patriotism is a virtue of the vicious
Must have been encephalitis, right?
(I'm pro-Linux but I still couldn't resist!)
2011 called and laughed at your shitty gigglebikes.
> Is this some kind of clever troll?
Oh no, I assure you he's quite serious. He's never had a real job at a company of any meaningful size, but he considers himself qualified to talk about enterprise backup solutions because he hates Microsoft.
Back in the 80s the main OS on PCs was MS-DOS, which wasn't multitasking.
.EXE/.COM file, thus being executed each time an infected file was ran and ending up being constantly run even if there weren't autostart and/or multitasking facility in MS-DOS.
...except the whole point was moot at a time when "sneaker net" was the only way to communicate between computers and getting a recent antivirus was hard.
That meant that most of the malware wasn't worms (autonomous program propagating over the network, as 99.9% of todays malware) because you couldn't run a separate worm process in the background.
Instead the malwares were of the viral kind, which piggybacked on legit executables, by injecting it's own code inside the
Some times the code injection would fail and the executable would stop functioning thus revealing the presence of virus even before the virus manage to do something.
Some times the code injection would succeed and the virus would stay unnoticed until its payload kicked in.
Similarly, cleaning an infected EXE file was not guaranteed to succeed all the time. So generally once a PC was infected, it meant that all the infected programs were definitely hosed except a couple few lucky who went the whole infect/clean process without being damaged.
What was worse, the first time we had a virus infection, the payload was able to physically damage the hard drive but otherwise remain silent (no taunts displayed on the screen, no EXE becoming suddenly suspiciously corrupted), so we went through a couple of warranty claims before realising that there was a virus sleeping even in the old backups.
That would have been a nice lesson about systematically scanning all incoming floppies and keeping one's antivirus pattern files up to date...
I was the only kid around having an antivirus so I didn't have anybody to swap patterns with.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Security only needs to be good enough that the cost of breaking it is more than the reward of breaking it. Could you expect to make the hundreds of millions of dollars it would cost to have 15 million modern PCs running for a year from knowing a root signing authority's key? I doubt it and the signing authorities must doubt it too, or they'd be using more bits.
Chernobyl 'not a wildlife haven' - BBC News
I wrote about it here years ago. It's called incremental imaging. I covered it in my journal. It works.
Basically during a very careful system build you make a series of snapshot images of the system. If you do the steps in the right order and label your images correctly you can restore your system to any point that you saved in the system building process. It's much preferable to revert to an image that didn't contain a software package and install the new version than to uninstall the old version and install the new. These days building the whole thing in a virtual machine is also a common recommendation. It makes the snapshots quick and easy and virtual machines can be moved from any platform that supports that style of virtual machine to any other without reinstallation. Do pay attention to your licensing though.
If you're hoping for a system where you can take a Windows installation and run one restore that adds back to it all your applications, no you can't do that unless you have a system snapshot with backup software and a "differential backup" with all your software installed. I don't recommend this because the slightest missed trick and applications will fail inexplicably.
Basically my opinion is that if you're restoring applications from backup you've already horribly failed. You're better off with a clean image and/or a clean install for reliable performance. And by reliable performance I mean best replicating the environment that ended with you restoring in the first place. If you're rebuilding for some reason other than catastrophic hardware failure or platform migration your efforts might be better spent in a total rethink of why you're doing what you're doing and how.
Help stamp out iliturcy.
I think this is more a job for Nikita. Time to create a new section.
Twitter (and his many aliases) is a well-known troll, and takes every opportunity to talk about how terrible anything having to do (even remotely) with Microsoft is. As an example:
http://slashdot.org/comments.pl?sid=562692&cid=23524480
It is pitch black. You are likely to be eaten by a grue.
It's an installation packager or package builder. It monitors all of these things for you and builds a script that basically replicates the installation.
I've tried several and my experience is so spotty that I can't recommend one. There are issues with interdependent packages, user account issues, variability in platforms and auditability of success among other things.
Still, they can be useful sometimes and can get around installer stupidness like only installing from CD or floppy, multi-reboot installs and building a single installer that installs almost all of your apps. Developing a process like this for an enterprise is at least one full time job. For a household or small business it's just not worth the effort.
Help stamp out iliturcy.
I tried to download the encrypted files from the Kaspersky forum.
It required a log-in.
I used a bugmenot.com login(obviously).
Result: my IP got banninated until 19.11.2009
I'm vain enough to consider myself a "crypto expert", and that sort of treatment is a turnoff. Kaspersky, either learn to respect my privacy or learn to live without me.
AC jokes, but that's awfully close to how some early computer memory actually worked.
Delay Line Memory, it was called. Basically, you push bits onto a wire loop, and then when they come back around again on the guitar you read them and push them back on again.
That said, the seek time on your version is awful...
--
I don't want to rule the world... I just want to be in charge of mayonnaise.
Some readers may be having difficulty understanding some of the discussion of this article because they don't understand the concept of public-key encryption. Such readers can find a simple-to-understand overview on my website. The overview is a presentation (available in PowerPoint and PDF formats) that should be self-teachable. It has an open-source license, so feel free to reuse and modify it.
I have a friend who uses a floppy. so sad :-(
null
Remeber, modern the Jews are from Russia. That explains all the trouble happening in this world...
The Blessed Virgin vs. the Khazar Jew Supremacists
The second part of the Secret of Fatima may hold an incredible mystery that to date has escaped the understanding of the Fatima specialists.
Three times Our Lady explicitly mentioned Russia in Her Secret, but are we really sure we know exactly what She intended by such a specific and ostensibly straightforward reference? Was She simply referring to territorial Russia, that part of the world which became the first victim of the satanic political conspiracy known as Communism, or did She have another object in mind?
Our contention is that Russia is to be understood not only literally (territorial Russia), but also symbolically (mystical Russia). And, furthermore, that the symbolic meaning is primary in this Message.
Now, by mystical Russia we refer to the Khazar Jew conspiratorial elite, whose forebears originally hailed from the Kingdom of Khazaria in the steppes of Russia. Beginning in the 10th century A.D., they spread out into Poland, and thence throughout Europe and the rest of the world. This diaspora was so extensive that today the overwhelming majority of those who call themselves Jews are not Semites at all, but Caucasians, aka Ashkenazim Jews, from Khazar Russia. Read Arthur Koestler's The Thirteenth Tribe to learn more about their true racial background (which they are naturally very keen to conceal). For reviews and further information about this book, first published in Britain in 1976, click here.
This delusional, Luciferian, Khazar Jewish, supremacist sect, chief amongst which figures the Rothschild dynasty, have succumbed to Satan's primordial lie that it is in his gift to make them god-like rulers of the world. Currently, it is true, they have cryptocratic control over almost every "civilised" government in the world, and they hope shortly to impose an open, antichristic New World Order that will replace all vestiges of Christendom.
(Note, however, that the majority of ordinary Jews have little if any knowledge of the existence and criminal intentions of this conspiratorial elite. This is true even for hardened Zionists.)
Below we provide ten arguments in support of our contention that Our Lady was primarily referring to this mystical Russia rather than territorial Russia in the second part of the now famous Secret that She revealed on July 13, 1917, in Fatima, Portugal.
* Almost all the top Illuminati claim to be Jews. And yet, as we have seen, they are not Semites at all. They must trace their ancestry back, not to Palestine, but to the Russian kingdom of Khazaria, which converted en masse to Judaism in 740 A.D. (This means that the term anti-Semitism applied to those who expose their nefarious practices is a nonsense smear.)
* Just as God refused to hallow by the name of Jew those who in reality are "members of the synagogue of Satan" (Apocalypse 2:9), so Our Lady does likewise. She refers to them as Russia, thus exploding their delusional racial pretensions and confirming their non-Semitic origin.
* Although territorial Russia may have helped to spread throughout the world the errors and persecutions prophesied by Our Lady, it would be more correct to regard her as the victim rather than the agent of these errors and persecutions. Holy Russia was as though possessed by these satanic errors which came to her largely from outside her borders.
* The Bolshevik Revolution and the satanic political deception of Communism were stage-managed and paid for by the Khaz
Would a properly backed up file allow you to recover the key? Would it then be possible to run a honey pot and checking it for encrypted files?
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
That would give an exponential gain in the cpu time it takes to break it, right?
15M^2=2.25*10^14.
Shouln't be that hard to implement either.
Normally, I'm all for responding after reading just the headline and not the body of the message. After all, this is /.!
But if you had read the actual content of my post, neither example I present requires the key breaker to make hundreds of millions of dollars from breaking the key.
First up, we have the government, which specializes in spending hundreds of millions of dollars, not making it, and they'll drop that much cash in a heartbeat, without much research, and on fairly stupid things (Bridge to Nowhere, anyone?).
Next up, we have everyone else. In 5 years, "millions" of computers will have fallen to "thousands". And the cost of compute cycles will have fallen significantly as well, meaning that anyone who understands how to deploy to Amazon's EC2 or Google's App Engine could easily mount such an attack with fairly modest resources.
Your point about signing authorities using more bits is exactly the heart of the issue. They're not allowed to use more bits—my understanding is that data encrypted with more than 56-bits may not cross in or out of the US (though I seem to remember this has been raised to 128 or 256?), and more than 1024 even within the country is not legal. Actually, I can't even remember if this law was eventually struck down altogether...but the fact that it ever was even suggested makes me wonder exactly why the government would concern itself with restricting and/or regulating such things.
Why, indeed.
but have you considered the following argument: shut up.
....a 15 million X increase in compute power....
Is not really needed for this. Just find the culprit(s) and use the rubber hose decryption key on him/them.
All theory is gray
Right click, restore previous versions, pick the right date, problem solved.
Give a man a fish, he'll eat for a day, but teach a man to phish...
Assuming this is what they are trying to achieve, I suppose they are hoping that someone has a whole load of large primes already found, then, assuming that the two primes used are fairly close to each other, the search space will be much smaller, and the amount of computer time would be greatly reduced. Although we can hope that no Eve has such a list of primes, it would not be surprising if someone does.
I'm not a business owner, but i am paranoid, especially about computer viruses.
I've got a nice approach right now to always keep my drives clean. it's an old IDE hdd, that has a clean install of windows with just the basics. it happens to be a maxtor, so i can use the 'max blast' software. seagate owns maxtor now, though and seagate has the same nice drive utility suite. most HDD vendors offer a comparable suite. but, since i am paranoid, i don't use these 'windows' solutions to purge a drive. i use darik's boot and nuke.
as for where i keep my valuable data? dvd-roms, and possibly on a usb HDD, in the event that i even think an infection has taken place, i dump all my data to a linux drive, format every windows drive, including the USB one i use for backups when a dvd-rom isn't enough.
the usb drive never sees a windows system that is connected to the net, and i use separate windows drives, for playing online games, and for playing movies/backing up dvds. the dvd system is never on the net either. for a while i was using diff, and linux to verify my system wasn't being compromised, but that takes a lot of disc space, especially if you keep all the old files, and it doesn't scan problems that can occur within the NTFS itself, there is a program called ntfs clone for linux that can check the metadata for infections, but with my new ability to wipe my system clean within 30 minutes, tops and then only have to configure a few things i left unconfigured...
well, it may not be as impressive a system as what 'enterprise' users use, but i can clean a system, even wipe it's bios, (i've had to do that before, when a system was rooted for a long time) without using anything microsoft based... the only problem, is vista, vista needs it's CD/DVD media when it's been copied by HDD utilities.
that will be annoying, but knowing that at any given moment i can clean my systems completely, without hackers being able to stop me, is something i really needed to have, even medicated.
https://www.gnu.org/philosophy/free-sw.html
Actually, not necessarily. Veritas Netbackup (as a typical commercial solution) and Bacula (as a pure GPL solution) can run on Windows or Linux as the server(or in Bacula's case, IIRC even on OSX).
Quo usque tandem abutere, Nimbus, patientia nostra?
It doesn't matter what the backup software can run on. The typical corporate desktop is still Windows, so the client side of the backup solution has to run on Windows.