YouTube

Got a YouTube account?

New: enable viewer-created translations and captions on your YouTube channel!

Ben H.: Finding the Weak Crypto Needle in a Byte Haystack

http://media.ccc.de/browse/congress/2014/31c3_-_6144_-_en_-_saal_g_-_201412281645_-_finding_the_weak_crypto_needle_in_a_byte_haystack_-_ben_h.html

Using the same stream cipher key twice is known to be a Very Bad Idea, but keystream-resuse vulnerabilities are still very much a thing of the present - both in legitimate software and in the malware landscape. We describe a heuristic algorithm which can detect vulnerabilities of this kind. We explain the inner workings of the algorithm and demonstrate a proof-of-concept attack on sevreral examples of vulnerable data, including files encrypted by the DirCrypt malware and encrypted traffic generated by malware such as variants of Zeus and Ramnit.

Ben H.