Author here: I wanted to let everyone know we made some small edits to the text, and added two new branches to our repository: transpiled containing the raw transpiler output [1], and refactored containing the same code [2] after a few refactoring commands.
The closest Rusty feature to C++ templates is most likely macros. I don't think even const generics, specialization etc. (which are WIP anyway at the moment) would be enough to replicate templates in the fully general case.
The simple answer is that C++ templates can do more than Rust generics can, including some things that in Rust you'd use the macro system for, and probably some things that you'd have to translate by expanding out the template and turning that result into Rust.
> Just ship your ransomware with the attacker's public key, generate a symmetric key K locally, encrypt the data with K, encrypt K with the public key, offer to decrypt K for a ransom.
It seems that what they're doing is generating a local Kpub/Kpriv pair, encrypting Kpriv itself and then offering to decrypt it. The files are encrypted with Kpub (approximately, see comments below for details). This has the advantage that they can encrypt all they want without knowing Kpriv, which only needs to live in memory long enough to get encrypted.
I don't know the exact details of how WannaCry encrypts the files, but ransomware generally works like this: when hitting a new machine, it generates a random key K1 and then encrypts all the user's files with AES (or some other symmetric key encryption) using K1 as the key. It then encrypts K1 itself using some public key Kpub embedded in the ransomware, then stores the encrypted K1 on disk. When the user pays the ransom, they receive the corresponding private key Kpriv that allows them to decrypt K1, which then lets them decrypt all their files.
I think what this tool does is read the unencrypted K1 directly from memory, which means Kpriv is no longer needed.
EDIT: One correction: the user doesn't receive Kpriv, instead they send the encrypted K1 to the ransomware owner who decrypts it and sends back K1.
- The attacker's RSA private key (UNKNOWN)
- The attacker's RSA public key (KNOWN)
- The local device's RSA private key (KNOWN, but then poorly wiped)
- This is encrypted with the attacker's RSA public key
- The local device's RSA public key (KNOWN)
- A separate AES key for each file
- These are encrypted with the local device's RSA public key
How decryption should work: Get the local device's RSA private key from the attacker (EDIT: this is not the attacker's RSA private key, it's the local one), then you can decrypt the AES key for each file.
That's exactly the trick: the attacker doesn't send you their private key, they decrypt (using their private key) the other private key that the ransomware generated on your machine, which is what was used to encrypt the per-file AES keys.
To clarify, the files are encrypted with a symmetric key, which even though is "private", is not part of a public-private key pair in asymmetric crypto.
This doesn't appear to be how WannaCry works: as ridiculous as it sounds, it looks like WannaCry actually generates a private key on the infected machine. If you look in search_primes.cpp (from line 251) in the linked repo, you'll see that the tool is literally searching the memory for prime numbers that divide the public modulus.
EDIT: CiPHPerCoder appears to have figured how the key management works.
Right, I see that now. Adding an additional layer of RSA and per-file keys is an interesting twist. Generating a public/private key pair instead of a symmetric key seems to let them encrypt as many files as they want without keeping the private key in memory (which they relied on Windows to erase).
There doesn't seem to be anything dynamic about the algorithm in the article. They still need to precompute the perfect hash function(s) from the entire input data, whereas the hashing approach you linked to can handle adding data incrementally (hence the "dynamic" part).
Good point. The article just does one iteration of generating the layered hash structure for lookups/reference and does not address the issue of growth of the structure. The dynamic perfect hashing technique addresses growth of the structure.
> And who runs foreign policy? How do state secrets work? Is there still a president and a bureaucracy and cabinet ministers?
All of those seem tied to the Executive branch, whereas direct democracy would replace the Legislative (Congress in the US, Parliament in other countries). The current Executive follows the laws that Congress passes, direct democracy wouldn't change that.
I was following and agreeing with you (and was going to upvote you), until the last 2 sentences. You could have made your point without bashing "CS types" and CS/engineering education.
1. and 2. are OK points, but your point 3. is atrocious. In my opinion, destructive behavior isn't really a legitimate form of protest, and as rubidium wrote, you'd be hurting people who are innocent in all this.
Money is both a "unit of account" and "medium of exchange". You can certainly have both of those without government. In some societies, people used seashells, salt, gold coins, or many other things as money. Bitcoin certainly counts as a "non-government money".
Since money is used as a medium of exchange, it's essentially a placeholder for your labor (when you receive it from your employer/customers as payment) or value provided to others. It is arguable whether society has as much right over an individual's labor as he/she does, I think they don't (while society may have a contribution, it might be significantly below 50%).
One last and minor thing we'll have to disagree on: I don't think government equals society. An individual can be a part of society without being part of government, and I also believe government sometimes represents its own interests at the expense of society.
OK let's clarify some basics. You cannot have either unit of account of medium of exchange without a government. Tell me one time in history that has happened. The government is fundamental to any economic system at all.
I know that in an abstract imaginary world you may think something else but that's all it is: imaginary. In the real world, no society = no money = no economics = no government.
Anything that is valuable, fungible and divisible could be used as money (you could even use barrels of oil). For examples, see [1]. Again, a great contemporary example is Bitcoin (not sure why you're ignoring that, it's a great example of money that exists in spite of government, not because of it).
Perhaps what you're referring to is legal tender, which indeed requires a government to exist. However, not all money is legal tender (for example, euros are not legal tender in the US, afaik).
Bitcoin exists in a system that is supported by the state. Money requires the state. You're thinking in very limited terms. Think broadly: in a society which does not have security guaranteed by the state, there will be no economic systems.
Historically, states and credit-based money came first. THEN came the unit of account and medium of exchange money that you are talking about.
Going back to the original point, can you go to a deserted island and make "money"? No. You need society. You need government. You need an economic system. The money is only partially "yours".
> Historically, states and credit-based money came first. THEN came the unit of account and medium of exchange money that you are talking about.
Actually, the Wikipedia page on "fiat money" (if that's what you're referring to) says: "Fiat money originated in 11th century China" [1]. There were many commodity currencies before that.
> Going back to the original point, can you go to a deserted island and make "money"? No. You need society. You need government. You need an economic system. The money is only partially "yours".
That's if there is only one person on that island. If more people live on the island, they might start trading services and use some some improvised currency, e.g., coconuts or seashells. In this case, you have a society and money, but not necessarily a government.
> Actually, the Wikipedia page on "fiat money" (if that's what you're referring to) says: "Fiat money originated in 11th century China" [1].
I'm referring to ledgers of credit. They originated in Mesopotamia, thousands of years ago. Check out the book "Debt" by David Graeber.
> That's if there is only one person on that island. If more people live on the island, they might start trading services and use some some improvised currency, e.g., coconuts or seashells. In this case, you have a society and money, but not necessarily a government.
See, that's completely untrue. What is actually going to happen is that multiple people on that society are going to bludgeon each other to death once there are enough people to constitute a society.
