Vulnerability Development mailing list archives
Re: Why not a changeling?
From: Michael.Wojcik () MERANT COM (Michael Wojcik)
Date: Mon, 22 May 2000 12:31:28 -0700
-----Original Message-----
From: sigipp () WELLA COM BR [mailto:sigipp () WELLA COM BR]
Sent: Monday, May 22, 2000 6:58 AM
The only thing I can imagine is, using a standard scrambler (like md5),
MD5 isn't a "scrambler". It's a cryptographic hash function. You can use it to build a "scrambler", but it wouldn't be the core of such an engine.
which is installed at the user and is not part of the virus.
Like password-protected ZIP files.
A real amazing idea would be, create a scrambled virus, which, when descrambled
with one key, result in one virus, and when descrambled with another key, should
result in another virus. Well, but that's utopia.
Not particularly difficult. A simple scheme might employ something like Rivest's threshing scheme, stripped down and extended to multiple messages, where each "message" is a virus or similar payload. Then:

    for each payload V
        for each partition P in V
            prepend an index number N to P producing N+P
            sign N+P to produce N+P+S(N+P)
            encrypt N+P+S(N+P) with key K(V)
    mix the partitions from all payloads
    send the result

All keys K(V) are distinct. The index numbers N are assigned to partitions P of payload V such that ordering the partitions by N, stripping all N and S, and concatenating the result produces V. (N can be used to sort the P's back into V.)

The recipient chooses a key K from all K(V) and decrypts all the partitions in the result, discarding any which fail the signature verification. Only those from a particular V will remain. Sort by N, strip off all the N's and S's, and you have V again. Pick a different K and you get a different V.

There are more sophisticated schemes used in deniability protocols. The crypto community's been discussing them for years. The main drawback is bloat, but most users don't notice bloat these days, and compression can help.

You can skip the partitioning and mixing steps if you like, and just put one encrypted-and-signed payload after another. The concept's the same: for a given member of the set of valid keys, you'll get one decryption that verifies and a bunch that don't, which you discard. The partitioning and mixing is just for additional confusion.

Michael Wojcik
michael.wojcik () merant com
MERANT
Department of English, Miami University