Conficker använder MD6

Den nyss fastställda standarden från NIST (uppföljaren till MD5) används av den skadliga koden samt 4096-bit RSA. Den eller de personer som tagit fram har mycket god kunskap om kryptografi vilket kan bevisas genom att den första implementationen av innehöll en brist som även hade men som sedan korrigerades av Dr. :s grupp som har tagit fram MD6 och efter ett tag så korrigerades även Conficker:

In evaluating this mechanism, we find that the Conficker authors have devised a sophisticated encryption protocol that is generally robust to direct attack.  All three crypto-systems employed by Conficker’s authors (RC4, RSA, and MD-6) also have one underlying commonality.  They were all produced by Dr. Ron Rivest of MIT.  Furthermore, the use of MD-6 is a particularly unusual algorithm selection, as it represents the latest encryption hash algorithm produced to date.  The discovery of MD-6 in Conficker B is indeed highly unusual given Conficker’s own development time line.  We date the creation of Conficker A to have occurred in October 2008, roughly the same time frame that MD-6 had been publicly released by (see http://groups.csail.mit.edu/cis/md6).   While A employed SHA-1, we can now confirm that MD-6 had been integrated into Conficker B by late December 2008 (i.e., the authors chose to incorporate a hash algorithm that had literally been made publicly available only a few weeks earlier).

Skriv en kommentar

Du kan använda följande HTML HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>