Jump to content

Talk:Cryptovirology

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 70.18.230.5 (talk) at 16:51, 22 November 2007. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WikiProject iconCryptography: Computer science Unassessed
WikiProject iconThis article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the importance scale.
Taskforce icon
This article is supported by WikiProject Computer science.
WikiProject iconComputer Security: Computing Unassessed
WikiProject iconThis article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
Things you can help WikiProject Computer Security with:
Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...
  • Answer question about Same-origin_policy
  • Review importance and quality of existing articles
  • Identify categories related to Computer Security
  • Tag related articles
  • Identify articles for creation (see also: Article requests)
  • Identify articles for improvement
  • Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
  • Find editors who have shown interest in this subject and ask them to take a look here.

Cryptotrojan example sounds silly

From the current article:

An application of a questionable encryption scheme is a trojan that gathers plaintext from the host, "encrypts" it using the trojan's own public key (which may be real or fake), and then exfiltrates the resulting "ciphertext". In this attack it is thoroughly intractable to prove that data theft has occurred. This holds even when all core dumps of the trojan and all the information that it broadcasts is entered into evidence. An analyst that jumps to the conclusion that the trojan "encrypts" data risks being proven wrong by the malware author (e.g., anonymously).
When the public key is fake, the attacker gets no plaintext from the trojan. So what's the use? A spoofing attack is possible in which some trojans are released that use real public keys and steal data and some trojans are released that use fake public keys and do not steal data. Many months after the trojans are discovered and analayzed, the attacker anonymously posts the witnesses of non-encryption for the fake public keys. This proves that those trojans never in fact exfiltrated data. This casts doubt on the true nature of future strains of malware that contain such "public keys", since the keys could be real or fake. This attack implies a fundamental limitation on proving data theft.

At the risk of repeating myself: "So what's the use?" I think I understand everything in those two paragraphs, but I don't see the practical usefulness of such a result. I think the author is thinking of a scenario like this:

Cracker breaks into system, installs "cryptotrojan".
Cryptotrojan collects data, pseudo-encrypts it, sends it to cracker.
System administrator discovers trojan, traces it, sues cracker for data theft.
Sysadmin: Judge, this cracker broke into my system and his trojan collected and exfiltrated my private data! Here are the logs proving it.
Cracker: Judge, my trojan did collect his data, but it did not exfiltrate it! Here is a mathematical proof that my trojan in fact sent only a stream of pseudorandom bits. Therefore you must find me innocent.
Judge: Oh dear, I suppose so. Not guilty!
Sysadmin: Oh no! I cannot afford to prosecute crackers if I cannot prove their guilt a priori.

However, common sense and U.S. law would make that dialogue end more like this:

Cracker: ... Therefore you must find me innocent.
Judge: I don't care about mathematics; I care about law. You admit you broke into his system and installed malicious software without his approval. You are obviously guilty.
Cracker: Oh no! I did not expect this turn of events.

So, what's the use? Obviously you can take any first-year crypto topic and put it in a virus, but does that somehow make it interesting or worthy of comment?

I'm not disputing the usefulness of "cryptovirology" (silly buzzword!) as a whole; I'm just pointing out that the example on which the current article spends two paragraphs is very silly, and should be replaced with a good example if one exists. (The only non-trivial uses of crypto in malware design that I can think of are both mentioned already: ransomware and polymorphic viruses. And the latter doesn't require crypto anyway.) --Quuxplusone 04:46, 21 October 2007 (UTC)[reply]


Comments from legal experts might shed light on how this would turn out in court. For instance is "theft" a charge separate from "unlawful entry/use"? Does theft by itself carry, e.g. 5 years? The article appears to make no legal claims.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Cryptovirology&oldid=173122467"