
That's why you create a lengthy random key (that you know it can't be brute forced) and encrypt everything using it and symmetric encryption.

Then you store that random key encrypted with an asymmetric algorithm.

Same goes for things like disk encryption. You never use the user's key for encrypting the data. You always encrypt using a random large key that is not brute-forceable and encrypt that one with the user password, so the process of changing the user password is just decrypting the random key and encrypting it back with the new password. Or you would have to re-encrypt the whole disk on password change.
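The disk-encryption password change described in the comment above, as an added Python sketch that is not part of the thread: only the small header holding the wrapped data key is rewritten. The HMAC-keystream XOR is a standard-library stand-in for a real key-wrap cipher such as AES-KW or AES-GCM, and the function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for the password KDF


def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    # The password is the weak secret, so it goes through a slow KDF.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]  # (wrapping key, MAC key)


def _keystream(enc_key: bytes, salt: bytes) -> bytes:
    # Stand-in for a key-wrap cipher: one 32-byte block, never reused
    # because every wrap draws a fresh salt.
    return hmac.new(enc_key, b"wrap" + salt, hashlib.sha256).digest()


def wrap(dek: bytes, password: str) -> dict:
    """Encrypt the random data-encryption key (DEK) under a password."""
    if len(dek) != 32:
        raise ValueError("DEK must be 32 bytes")
    salt = os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(enc_key, salt)))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap(header: dict, password: str) -> bytes:
    """Recover the DEK; the tag check rejects a wrong password."""
    enc_key, mac_key = _derive(password, header["salt"])
    expect = hmac.new(mac_key, header["salt"] + header["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, header["tag"]):
        raise ValueError("wrong password or corrupted header")
    stream = _keystream(enc_key, header["salt"])
    return bytes(a ^ b for a, b in zip(header["ct"], stream))


def change_password(header: dict, old: str, new: str) -> dict:
    # The bulk data is untouched: the same DEK is re-wrapped under the new password.
    return wrap(unwrap(header, old), new)


if __name__ == "__main__":
    dek = os.urandom(32)                      # constructed sample key
    hdr = change_password(wrap(dek, "old pass"), "old pass", "new pass")
    print(unwrap(hdr, "new pass") == dek)
```

Because the data key itself does not change, any retained copy of the old header still unlocks the data with the old password, so old headers need to be destroyed or the data key rotated when the old password is considered compromised.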



Shh, don't give them any ideas!


If you have read anything at all about encryption written since 1997 (probably before, that is when I first started reading) you already knew that.


If.

Most ransomware authors, I'd wager, have not been reading since before 1997.



