Jump to content

Talk:Cryptovirology

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Cryptotrojan example sounds silly

[edit]

From the current article:

An application of a questionable encryption scheme is a trojan that gathers plaintext from the host, "encrypts" it using the trojan's own public key (which may be real or fake), and then exfiltrates the resulting "ciphertext". In this attack it is thoroughly intractable to prove that data theft has occurred. This holds even when all core dumps of the trojan and all the information that it broadcasts is entered into evidence. An analyst that jumps to the conclusion that the trojan "encrypts" data risks being proven wrong by the malware author (e.g., anonymously).
When the public key is fake, the attacker gets no plaintext from the trojan. So what's the use? A spoofing attack is possible in which some trojans are released that use real public keys and steal data and some trojans are released that use fake public keys and do not steal data. Many months after the trojans are discovered and analayzed, the attacker anonymously posts the witnesses of non-encryption for the fake public keys. This proves that those trojans never in fact exfiltrated data. This casts doubt on the true nature of future strains of malware that contain such "public keys", since the keys could be real or fake. This attack implies a fundamental limitation on proving data theft.

At the risk of repeating myself: "So what's the use?" I think I understand everything in those two paragraphs, but I don't see the practical usefulness of such a result. I think the author is thinking of a scenario like this:

Cracker breaks into system, installs "cryptotrojan".
Cryptotrojan collects data, pseudo-encrypts it, sends it to cracker.
System administrator discovers trojan, traces it, sues cracker for data theft.
Sysadmin: Judge, this cracker broke into my system and his trojan collected and exfiltrated my private data! Here are the logs proving it.
Cracker: Judge, my trojan did collect his data, but it did not exfiltrate it! Here is a mathematical proof that my trojan in fact sent only a stream of pseudorandom bits. Therefore you must find me innocent.
Judge: Oh dear, I suppose so. Not guilty!
Sysadmin: Oh no! I cannot afford to prosecute crackers if I cannot prove their guilt a priori.

However, common sense and U.S. law would make that dialogue end more like this:

Cracker: ... Therefore you must find me innocent.
Judge: I don't care about mathematics; I care about law. You admit you broke into his system and installed malicious software without his approval. You are obviously guilty.
Cracker: Oh no! I did not expect this turn of events.

So, what's the use? Obviously you can take any first-year crypto topic and put it in a virus, but does that somehow make it interesting or worthy of comment?

I'm not disputing the usefulness of "cryptovirology" (silly buzzword!) as a whole; I'm just pointing out that the example on which the current article spends two paragraphs is very silly, and should be replaced with a good example if one exists. (The only non-trivial uses of crypto in malware design that I can think of are both mentioned already: ransomware and polymorphic viruses. And the latter doesn't require crypto anyway.) --Quuxplusone 04:46, 21 October 2007 (UTC)[reply]


Comments from legal experts might shed light on how this would turn out in court. For instance is "theft" a charge separate from "unlawful entry/use"? Does theft by itself carry, e.g. 5 years? The article appears to make no legal claims. —Preceding unsigned comment added by 70.18.230.5 (talk) 16:51, 22 November 2007 (UTC)[reply]

[edit]

The last revision includes a non-profit, official page for Cryptovirology. Why it is removed ? If it is because of flash oriented page, it also refers to the forum page which is maintained by cryptovirology team. If that's the case then we can put forum link directly. — Preceding unsigned comment added by Daicarus (talkcontribs) 00:58, 8 December 2010 (UTC)[reply]

[edit]

Hello fellow Wikipedians,

I have just modified one external link on Cryptovirology. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 02:53, 15 August 2017 (UTC)[reply]

lede improvements

[edit]

the lede is too long, the lead section (above the TOC) is longer than the entire article. couldn't more sections be made out of this? A Guy into Books (talk) 10:43, 22 August 2017 (UTC)[reply]