256AES Breakable? I have a hunch that it is.

Discussion in 'privacy technology' started by ComputerSaysNo, Sep 16, 2012.

Thread Status:
Not open for further replies.
  1. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Through my research of malware and botnets I've come across a really interesting pattern I thought I'd share my thoughts.

    Only 1 time have I seen a piece of malware and their payload or Comand and Control system/server over the last 2 years use 256AES. Blowfish sure, Twofish yes, RC4 yes, but only once have I seen 256AES used.

    Now Flame, Stuxnet, Duqu, Grauss all used RC4 to encrypt their payload I believe (At least Flame & Grauss did, Duqu & Stuxnet I'll re-check). Now if these "Military Malware" which are so complex are not using 256AES to hide it's telling me something.


    Now I may be on the wrong track, forgive me if I am. But I think 256AES is at least susceptible to unknown new side channel attacks or it's actually been totally broken.

    I'd like to hear what you think.
     
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    RC4 is a stream cipher. AES is a block cipher. They are different animals. Stream ciphers are better suited for various tasks and generally have better performance. The reason they used RC4 could be as simple as that -- better performance.

    Gauss itself used MD5 to generate the RC4 key. MD5 is known publicly to be very weak, so I wouldn't put much stock into their selection of algorithms.
     
    Last edited: Sep 16, 2012
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Different algorithms make sense at different times. Malware isn't usually encrypting hundreds of gigabytes of data to upload so AES doesn't make sense for it to use.
     
  4. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Yeah I agree, but if 256AES is safe/best encyption method wouldn't you think they would all be using it to encrypt CC&C servers.
     
  5. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Again different animals, due to resources, attacking targets, payload method, all that would come into play. AES cannot be blanketed universally as it too has its limitations.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA
    256 bit AES is not likely to be broken. Look at Law Enforcement Agencies having to ask for the password of volumes in their investigations. If you use a strong password or encryption key then it is highly unlikely it will be broken anytime soon.
     
  7. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Yeah I guess, I just found it interested that no-one is using 256AES. You would think it would be more widespread.
     
Loading...
Thread Status:
Not open for further replies.