256AES Breakable? I have a hunch that it is.

Discussion in 'privacy technology' started by ComputerSaysNo, Sep 16, 2012.

Thread Status:
Not open for further replies.
  1. ComputerSaysNo

    ComputerSaysNo Guest

    Through my research of malware and botnets I've come across a really interesting pattern I thought I'd share my thoughts.

    Only 1 time have I seen a piece of malware and their payload or Comand and Control system/server over the last 2 years use 256AES. Blowfish sure, Twofish yes, RC4 yes, but only once have I seen 256AES used.

    Now Flame, Stuxnet, Duqu, Grauss all used RC4 to encrypt their payload I believe (At least Flame & Grauss did, Duqu & Stuxnet I'll re-check). Now if these "Military Malware" which are so complex are not using 256AES to hide it's telling me something.


    Now I may be on the wrong track, forgive me if I am. But I think 256AES is at least susceptible to unknown new side channel attacks or it's actually been totally broken.

    I'd like to hear what you think.
     
    ComputerSaysNo, Sep 16, 2012
    #1
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    RC4 is a stream cipher. AES is a block cipher. They are different animals. Stream ciphers are better suited for various tasks and generally have better performance. The reason they used RC4 could be as simple as that -- better performance.

    Gauss itself used MD5 to generate the RC4 key. MD5 is known publicly to be very weak, so I wouldn't put much stock into their selection of algorithms.
     
    Last edited: Sep 16, 2012
    chronomatic, Sep 16, 2012
    #2
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Different algorithms make sense at different times. Malware isn't usually encrypting hundreds of gigabytes of data to upload so AES doesn't make sense for it to use.
     
    Hungry Man, Sep 16, 2012
    #3
  4. ComputerSaysNo

    ComputerSaysNo Guest

    Yeah I agree, but if 256AES is safe/best encyption method wouldn't you think they would all be using it to encrypt CC&C servers.
     
    ComputerSaysNo, Sep 17, 2012
    #4
  5. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Again different animals, due to resources, attacking targets, payload method, all that would come into play. AES cannot be blanketed universally as it too has its limitations.
     
    EncryptedBytes, Sep 17, 2012
    #5
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    256 bit AES is not likely to be broken. Look at Law Enforcement Agencies having to ask for the password of volumes in their investigations. If you use a strong password or encryption key then it is highly unlikely it will be broken anytime soon.
     
    Cutting_Edgetech, Sep 17, 2012
    #6
  7. ComputerSaysNo

    ComputerSaysNo Guest

    Yeah I guess, I just found it interested that no-one is using 256AES. You would think it would be more widespread.
     
    ComputerSaysNo, Sep 17, 2012
    #7
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...