
Question about encryption and ransomware.

Started by
19 comments, last by Brain 8 years, 1 month ago

I have next to no experience or knowledge of encryption, so I am asking this out of pure ignorance. Let's say that I got bit by ransomware (thank God I have not!). On my desktop is one solitary file that I downloaded off the internet. That file gets encrypted. I know where to get the exact copy of that file and re-download it. Wouldn't it be possible to compare the original and encrypted versions and work out the necessary key?


I'm guessing no. I'm not too knowledgeable about this topic, but your file would have other information attached to it than just the raw data of the file. The creation time, altered time, etc. Also, its location on your hard drive wouldn't be the same. I'm not sure if that last part would matter though. Maybe someone with more knowledge about encryption may chime in.

I'm not too sure how ransomware works, but it seems to encrypt the files in place, from what little I can gather. Ignore the ransomware part for the moment. Just assume the file data is encrypted.

Wouldn't it be possible to compare the original and encrypted versions and work out the necessary key?

That is what is called a "known plaintext attack" on the crypto, and any decent crypto is constructed to prevent it from helping much in figuring out the key unfortunately.

If the ransomware used some homebrewed crypto made by a non-expert, it's possible it could work, but why do that when there are crypto libraries out there?
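
As an added illustration (not part of the original thread), the sketch below runs the known-plaintext comparison described above against two ciphers. It assumes repeating-key XOR as the home-made cipher and an HMAC-SHA256 keystream as a stand-in for a vetted library cipher; all function names, keys and sample data are constructed.

```python
import hashlib
import hmac

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def homebrew_encrypt(key, data):
    """Repeating-key XOR, standing in for a home-made cipher (assumption)."""
    return xor_bytes(data, key * (len(data) // len(key) + 1))

def prf_stream_encrypt(key, nonce, data):
    """XOR with HMAC-SHA256(key, nonce || counter); stand-in for a vetted cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return xor_bytes(data, b"".join(blocks))

def recover_repeating_key(plaintext, ciphertext):
    """Known-plaintext comparison: plaintext XOR ciphertext is the keystream.
    Returns the shortest repeating unit, or None if the keystream never repeats."""
    stream = xor_bytes(plaintext, ciphertext)
    for p in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return stream[:p]
    return None

def demo():
    # Constructed sample data and keys; nothing here comes from real malware.
    known = b"Constructed sample: bytes of a re-downloadable installer. " * 4
    other = b"Constructed sample: a private document with no clean copy."
    weak_key = b"K3y-for-demo-16B"
    strong_key = hashlib.sha256(b"constructed strong key").digest()

    # Homebrew cipher: one known pair yields the key, which opens other files.
    guess = recover_repeating_key(known, homebrew_encrypt(weak_key, known))
    weak_recovered = (guess == weak_key and
                      homebrew_encrypt(guess, homebrew_encrypt(weak_key, other)) == other)

    # Vetted-style cipher with a fresh nonce per file: the comparison leaks only
    # this file's keystream, which neither repeats nor decrypts another file.
    ct = prf_stream_encrypt(strong_key, b"nonce-file-1", known)
    other_ct = prf_stream_encrypt(strong_key, b"nonce-file-2", other)
    leaked = xor_bytes(known, ct)
    strong_recovered = (recover_repeating_key(known, ct) is not None or
                        xor_bytes(other_ct, leaked) == other)
    return weak_recovered, strong_recovered

if __name__ == "__main__":
    print(demo())
```

`demo()` returns a pair of booleans: whether the second file could be recovered under the home-made cipher, and whether it could under the keyed-PRF stream.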

Oh well. I figured it couldn't be that easy.

Try not to open dodgy files and have backups. That's the easier way to keep your files safe.

blah :)

Try not to open dodgy files and have backups. That's the easier way to keep your files safe.

I was just curious if this was a possible workaround for encryption. Ransomware comes to mind since it is such a problem today.

Most used asymmetric cryptos (such as RSA) use random padding next to the data, so two acts of encryption generally do not produce the same encrypted vector even if the source data, the key and even the initialization vector were the same.

Niko Suni

What guarantee do you have that the original remains unchanged, even if you were able to decrypt it back? It feels like once a computer is compromised, it might as well be reformatted completely.

What guarantee do you have that the original remains unchanged, even if you were able to decrypt it back? It feels like once a computer is compromised, it might as well be reformatted completely.


He means for example if he downloads like... VS2015 community edition installer EXE from the internet...

And then later he gets ransomware'd, the ransomware encrypts that installer file as part of its work. He has, for example, another computer which can go and download the original EXE from the internet again to compare its un-molested contents vs. his ransomware'd version from his infected computer.

He's saying the original version out on Microsoft's download page is NOT infected, so he can download it again to compare.
