Now, factoring RSA-1024... I wonder just how feasible that is, even with a SETI or Folding@Home size grid. Probably more realistic to track down the bastard.
It seems to me that, provided the arsehole isn't using an open proxy, or TOR etc., the assistance of his email providers, or his credit card processors etc. in this case could quite easily lead to his eventual identification.
On another note, after further googling it appears that Gpcode is generating what KL are calling a "master" key when it begins its work, then modifying the key for each file it encrypts, using some unique aspect of the file itself (its creation time, file name etc) thereby making the approach toward cracking the RC4 that much more complicated. KL are keeping extraordinarily tight-lipped about this process for an organisation claiming to want to put an end to this outbreak. Hypothetically, if KL were to release this kind of information, both the Fluhrer, Mantin & Shamir
, and the Klein
attack could be quite successful in breaking the encryption, provided the author had not defended against one or the other and that the key length was sufficiently small.
Is he using the Microsoft cryptography provider for the RC4, or just the RSA i wonder. The Microsoft cryptography documentation does not supply information regarding defense against known attacks, so one can most likely safely assume it is not protected against either of the attacks listed above. Though if the author were to be using 3rd party code for the RC4, then he would be free to introduce any modification to the algorithm he wanted.