If the virus writer actually understands public key crypto, they'd quickly realize it would be pointless to encrypt a "My Documents" folder with it...it isn't fast enough (The default "My Music" folder is in "My Documents" to give an idea of how large that folder can be). Private (shared) key encryption is much faster, which is why it is always used (yes, even in public-key crypto apps..seems ironic...but this is just about how everyone implements it as long as I can remember)
Assuming they properly implement it to work around the speed issues (see above), we still get to do a known-plaintext attack on the encrypted data. And if the password is randomly generated by the victim, those who don't keep backups are screwed, unfortunately. Those who do keep backups could work out the key for the benefit of everyone in the case it isn't randomly generated (though using a test environment with controlled files in "My Documents" should be better).
It basically comes down to: we know the alrgorithm, the plain-text, and the cipher-text...we could eventually work out the password. But those who do keep backups (or put the files elsewhere) wouldn't really need to worry about decrypting the file...and working it out is only useful if it isn't random...
"This call may be recorded for training and quality assurance purposes"
That message works both ways. It also means that they allow YOU to record the call. It doesn't necessarily mean that the company will use their resources to record the call themselves to ensure that you get quality telemark...er, customer service. Of course, a manager may be red-faced when you play back the conversation their phone drones had with you, but that message when you call is pretty clear about allowing recordings...
Slashdot Mirror
If the virus writer actually understands public key crypto, they'd quickly realize it would be pointless to encrypt a "My Documents" folder with it...it isn't fast enough (The default "My Music" folder is in "My Documents" to give an idea of how large that folder can be). Private (shared) key encryption is much faster, which is why it is always used (yes, even in public-key crypto apps..seems ironic...but this is just about how everyone implements it as long as I can remember)
Assuming they properly implement it to work around the speed issues (see above), we still get to do a known-plaintext attack on the encrypted data. And if the password is randomly generated by the victim, those who don't keep backups are screwed, unfortunately. Those who do keep backups could work out the key for the benefit of everyone in the case it isn't randomly generated (though using a test environment with controlled files in "My Documents" should be better).
It basically comes down to: we know the alrgorithm, the plain-text, and the cipher-text...we could eventually work out the password. But those who do keep backups (or put the files elsewhere) wouldn't really need to worry about decrypting the file...and working it out is only useful if it isn't random...
"This call may be recorded for training and quality assurance purposes" That message works both ways. It also means that they allow YOU to record the call. It doesn't necessarily mean that the company will use their resources to record the call themselves to ensure that you get quality telemark...er, customer service. Of course, a manager may be red-faced when you play back the conversation their phone drones had with you, but that message when you call is pretty clear about allowing recordings...