Entries Tagged "Blowfish"

Page 1 of 1

PowerLocker uses Blowfish

There’s a new piece of ransomware out there, PowerLocker (also called PrisonLocker), that uses Blowfish:

PowerLocker could prove an even more potent threat because it would be sold in underground forums as a DIY malware kit to anyone who can afford the $100 for a license, Friday’s post warned. CryptoLocker, by contrast, was custom built for use by a single crime gang. What’s more, PowerLocker might also offer several advanced features, including the ability to disable the task manager, registry editor, and other administration functions built into the Windows operating system. Screen shots and online discussions also indicate the newer malware may contain protections that prevent it from being reverse engineered when run on virtual machines.

PowerLocker encrypts files using keys based on the Blowfish algorithm. Each key is then encrypted to a file that can only be unlocked by a 2048-bit private RSA key. The Malware Must Die researchers said they had been monitoring the discussions for the past few months. The possibility of a new crypto-based ransomware threat comes as developers continue to make improvements to the older CryptoLocker title. Late last month, for instance, researchers at antivirus provider Trend Micro said newer versions gave the CryptoLocker self-replicating abilities that allowed it to spread through USB thumb drives.

Posted on January 17, 2014 at 2:57 PMView Comments

Blowfish in Fiction

The algorithm is mentioned in Von Neumann’s War, by John Ringo and Travis Taylor.

P. 495:

The guy was using a fairly simple buffer overflow attack but with a very nice little fillip of an encryption packet designed to overcome Blowfish. The point seemed to be to create a zero day exploit, which he didn’t have a chance of managing. So far, nobody had cracked Blowfish.

P. 504:

As far as he could tell, at first, it was a simple Denial of Service attack. A DoS occurred when… But this one was different. Every single packet contained some sort of cracking program … Most had dumped to the honey trap, but they were running rampant through there, while others had managed to hammer past two firewalls and were getting to his final line of defense. Somebody had managed a zero day exploit on Blowfish. And more were coming in!

Posted on November 13, 2009 at 2:43 PMView Comments

Blowfish on 24, Again

Three nights ago, my encryption algorithm Blowfish was mentioned on the Fox show 24. The clip is available here, or streaming on Hulu. This is the exchange:

Janis Gold: I isolated the data Renee uploaded to Bauer but I can’t get past the filed header.

Larry Moss: What does that mean?

JG: She encrypted the name and address she used and I can’t seem to crack it.

LM: Who can?

JG: She used her personal computer. This is very serious encryption. I mean, there are some high-level people who can do it.

LM: Like who?

JG: Chloe O’Brian, but from what you told me earlier she’s too loyal to Bauer.

LM: Is her husband still here?

JG: Yes, he’s waiting to see you.

LM: He’s a level 6 analyst too.

JG: Mr. O’Brian, a short time ago one of our agents was in touch with Jack Bauer. She sent a name and address that we assume is his next destination. Unfortunately, it’s encrypted with Blowfish 148 and no one here knows how to crack that. Therefore, we need your help, please.

Morris O’Brian: Show me the file.

MO: Where’s your information. 16 or 32 bit wavelength word length?

JG: 32.

MO: Native or modified data points?

JG: Native.

MO: The designer of this algorithm built a backdoor into his code. Decryption’s a piece of cake if you know the override codes.

LM: And you do?

MO: Yeah.

LM: Will this take long?

MO: Course not.

LM: Mr. O’Brian, can you tell me specifically when you’ll have the file decrypted?

MO: Yes.

MO: Now.

O’Brian spends just over 30 seconds at the keyboard.

This is the second time Blowfish has appeared on the show. It was broken the first time, too.

EDITED TO ADD (4/14): Avi Rubin comments.

Posted on March 19, 2009 at 12:18 PMView Comments

Adi Shamir's Cube Attacks

At this moment, Adi Shamir is giving an invited talk at the Crypto 2008 conference about a new type of cryptanalytic attack called “cube attacks.” He claims very broad applicability to stream and block ciphers.

My personal joke—at least I hope it’s a joke—is that he’s going to break every NIST hash submission without ever seeing any of them. (Note: The attack, at least at this point, doesn’t apply to hash functions.)

More later.

EDITED TO ADD (8/19): AES is immune to this attack—the degree of the algebraic polynomial is too high—and all the block ciphers we use have a higher degree. But, in general, anything that can be described with a low-degree polynomial equation is vulnerable: that’s pretty much every LFSR scheme.

EDITED TO ADD (8/19): The typo that amused you all below has been fixed. And this attack doesn’t apply to any block cipher—DES, AES, Blowfish, Twofish, anything else—in common use; their degree is much too high. It doesn’t apply to hash functions at all, at least not yet—but again, the degree of all the common ones is much too high. I will post a link to the paper when it becomes available; I assume Adi will post it soon. (The paper was rejected from Asiacrypt, demonstrating yet again that the conference review process is broken.)

EDITED TO ADD (8/19): Adi’s coauthor is Itai Dinur. Their plan is to submit the paper to Eurocrypt 2009. They will publish it as soon as they can, depending on the Eurocrypt rules about prepublication.

EDITED TO ADD (8/26): Two news articles with not a lot of information.

EDITED TO ADD (9/4): Some more details.

EDITED TO ADD (9/14): The paper is online.

Posted on August 19, 2008 at 1:15 PMView Comments

Blowfish on "24"

Two nights ago, my encryption algorithm Blowfish was mentioned on the Fox show “24.” An alleged computer expert from the fictional anti-terror agency CTU was trying to retrieve some files from a terrorist’s laptop. This is the exchange between the agent and the terrorist’s girlfriend:

They used Blowfish algorithm.

How can you tell?

By the tab on the file headers.

Can you decrypt it?

CTU has a proprietary algorithm. It shouldn’t take that long. We’ll start by trying to hack the password. Let’s start with the basics. Write down nicknames, birthdays, pets—anything you think he might have used.

Posted on April 27, 2005 at 12:26 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.