MisterFister
Valued Member
Morning Folks!
I tried to decrypt one of hrenkis files on my machine. It worked immediately. Password could be recovered. This means, that it is not depending on the Computer running in safe mode.
I opened one of the encrypred files with TinyHexer. It's got the same known signature at the beginning. I don't think, that the criminal has changed the encryption algorithm. What i can imagine is, that the keys for the encryption might get longer or better over time. As machura mentioned, rhenki's id starts wirh a Zero. My Id starts with 2. Mayby the attacker changed the range or length of used keys for the encryption. or even worse, he maybe changed the hash algorithm for creating the keys. This could in worst case mean, that the kaspersky tool can't cover the key space used for higher id values. This would be verry bad News for some of us...
I tried to decrypt one of hrenkis files on my machine. It worked immediately. Password could be recovered. This means, that it is not depending on the Computer running in safe mode.
I opened one of the encrypred files with TinyHexer. It's got the same known signature at the beginning. I don't think, that the criminal has changed the encryption algorithm. What i can imagine is, that the keys for the encryption might get longer or better over time. As machura mentioned, rhenki's id starts wirh a Zero. My Id starts with 2. Mayby the attacker changed the range or length of used keys for the encryption. or even worse, he maybe changed the hash algorithm for creating the keys. This could in worst case mean, that the kaspersky tool can't cover the key space used for higher id values. This would be verry bad News for some of us...