Implementing this right is surprisingly hard, as the Debian SSL fiasco and the J... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

ge0rg on April 23, 2015 | parent | context | favorite | on: Ransomware Decryptor

Implementing this right is surprisingly hard, as the Debian SSL fiasco and the Java/Android's so called SecureRandom RNG have shown. Maybe they were using a defective RNG for the keys as well, so in total there is a very limited number of keys out there, making collisions probable?

duskwuff on April 23, 2015 [–]

Or possibly they seized the C&C servers and recovered all of the encryption keys stored on them?

fragmede on April 23, 2015 | [–]

That's exactly what happened.

https://securelist.com/blog/69595/challenging-coinvault-its-...

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact