Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My crazyest idea yet


  • Please log in to reply
13 replies to this topic

#1 dannyboy950

dannyboy950

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:04:28 PM

Posted 26 January 2016 - 11:04 AM

This idea was brought about by all the ransom ware out there lately.

The general problem faceing decrypton is a lack of computeing power to decrypt in a reasonable amount of time as I see it.

 

Would linking a number of computers together and useing the folding technology [shared computeing] only this time dedicate all of the recources to decrypton.  Would this not make a mainframe?  With enough computers even a super computer.

 

Exactly how I do not know yet or even if it could be done.  Would it still be limited to the abilities of the decrypton software.

 

A lot more questions than answers I know.


Edited by hamluis, 15 February 2016 - 04:54 PM.
Moved from Internal Hardware to Gen Security - Hamluis.

HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


BC AdBot (Login to Remove)

 


#2 iangcarroll

iangcarroll

  • Malware Study Hall Senior
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:06:28 PM

Posted 26 January 2016 - 11:14 AM

Properly implemented encryption is impossible to brute force. While some/most ransomware implements it incorrectly (storing the keys on the computer, insecure random number generators, etc), properly implemented AES and/or RSA cannot be brute forced in the entire lifetime of this universe.
 

It would take 10^38 Tianhe-2 Supercomputers running for the entirety of the existence of everything to exhaust half of the keyspace of a AES-256 key.


- https://www.reddit.com/r/theydidthemath/comments/1x50xl/time_and_energy_required_to_bruteforce_a_aes256/ (this source may be slightly inaccurate, as it's underestimating the amount of gigaflops in a common GPU, but it is still quite long to crack.)

When RSA is used, you would need more CPUs than atoms that exist in this universe. GPUs do not make it happen for millennia either, nor could you re-use the generation of all of these numbers, because all of the storage capacity we currently have in the world would not be big enough.

Edited by iangcarroll, 26 January 2016 - 02:30 PM.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:04:28 PM

Posted 26 January 2016 - 12:27 PM

While I will not argue about brute force any increased computer power would have to help some.

Super computers there are less than a dozen in the world, according to the web and their computing time is very expensive and most are allready booked into the next century.  So has anybody even tried or just relying on the mathmatic assumptions.

 

I did say it was a crazy idea.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#4 iangcarroll

iangcarroll

  • Malware Study Hall Senior
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:06:28 PM

Posted 26 January 2016 - 01:00 PM

While I will not argue about brute force any increased computer power would have to help some.
Super computers there are less than a dozen in the world, according to the web and their computing time is very expensive and most are allready booked into the next century.  So has anybody even tried or just relying on the mathmatic assumptions.
 
I did say it was a crazy idea.


If we use the new Magic ransomware as an example:

It's using AES-256-CBC, which has a 256-bit key. This means that there are 2^256 possible keys. Expanded, there are 115792089237316195423570985008687907853269984665640564039457584007913129639936 possible keys. If you calculate .1% of these keys, which is probably the minimum probability that could help anyone, you would have 1157920000000000000000000000000000000000000000000000000000000000000000000000 keys. Even if you generate all of these keys, which you can't in any reasonable timeframe, you would need 144700000000000000000000000000000000000000000000000000000000 _petabytes_ to store them all. Not to mention the fact you would need a way to query and test against this massive amount of keys to see if yours is there.

 

Note that my numbers might be 100% accurate, but you cannot crack AES today, regardless of the accuracy of these numbers.

The math isn't theoretical (you could try it yourself, but you'd just be burning energy you could save). AES is used to protect network traffic, classified documents, etc because of how unbreakable it is.

When you consider that the Magic ransomware probably has only hit ~100 people, there is a 0.00000000000000000000000000000000000000000000000000000000000000000000000000086361686% chance that a key you generate is the key needed to decrypt someone's files.

(I get it's a crazy idea, but I'm here to tell you it can't work. Nobody would use AES if it did. :))


Edited by iangcarroll, 09 February 2016 - 09:00 PM.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#5 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:04:28 PM

Posted 26 January 2016 - 01:13 PM

Fair enough.  So what you are saying even if you increased the computeing power 10,000 times and all it did was one thing only you still would not be able to break encryption?


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#6 Ram4x4

Ram4x4

  • Members
  • 228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:06:28 PM

Posted 26 January 2016 - 01:29 PM

Precisely.  10,000 PC's in distributed computing wouldn't even make a dent.  And that's just computing power alone...you still have to account for storage.



#7 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:04:28 PM

Posted 26 January 2016 - 02:14 PM

So 20,000 GHZ processor and 80,000 GB memory and 400,000 GB storage would not make a dent??????


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#8 iangcarroll

iangcarroll

  • Malware Study Hall Senior
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:06:28 PM

Posted 26 January 2016 - 02:24 PM

No. You must not grasp the sheer size of the numbers I've given you. (400,000 GB is not even a petabyte.) If you could make a dent in AES, the NSA would not let any government agencies use it.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#9 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:04:28 PM

Posted 26 January 2016 - 02:39 PM

Ok now that makes sense. Clears that up for me.

Thank you both.  End of discussion.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#10 Ram4x4

Ram4x4

  • Members
  • 228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:06:28 PM

Posted 26 January 2016 - 05:18 PM

So 20,000 GHZ processor and 80,000 GB memory and 400,000 GB storage would not make a dent??????

 

Nope.



#11 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:04:28 PM

Posted 09 February 2016 - 08:49 PM

And if you linked a million computers together would maybe that be a help?

The technology allready exist.  Stanford Univerisity created a 119,xxx tetraflop super computer [however big that is] useing less than 115,000 computers. way back when a GB computer was almost unheard of.

 

What do ya think could be made today with modern systems.  By the way that was with useing a small percentage of each computers power.  What could ya build use 50% or more or any % in between.

 

While it still may not be enough to brute force it would bound to be able to help in researching other flaws.

All I really been trying to get at.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#12 iangcarroll

iangcarroll

  • Malware Study Hall Senior
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:06:28 PM

Posted 09 February 2016 - 09:30 PM

And if you linked a million computers together would maybe that be a help?


No. It would be cheaper to just automatically backup every consumer PC in the world.

I'm sorry, but I cannot spend more time trying to explain to you that the entire world does not rely on encryption that can be cracked within our current abilities. That would be ridiculous, no?

In the somewhat distant future, AES's 256-bit keyspace will probably not be big enough to deter quantum computing. But this is a long ways off; we do not yet have (today) a quantum computer that can actually execute Shor's algorithm or brute force AES keys. But computing has not evolved to that point yet (if it had, would ransomware authors really be using what they are today?)

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#13 mjd420nova

mjd420nova

  • Members
  • 1,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:28 PM

Posted 10 February 2016 - 12:48 PM

The thing is with the ransomware is that there isn't just one decryption key.  Each infection is unique and has its own key.  It's not as simple as using one computer to figure out the formula being used to generate random(?) numbers on another computer and getting 20 numbers correct on a KENO card.



#14 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:04:28 PM

Posted 12 February 2016 - 02:43 PM

My apologies I forgot how pointless it was trying to get someone to think out of the box that does not admit that the box even exists.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users