Dnia wtorek, 17 lutego 2015 10:54:34 Robert Sebastian Gerus pisze:
http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20 150216
Moar info: https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pd... http://ars.to/1EdOXWo
Oslo, z PDFa:
"Interestingly, the so-called Q constant usage is a bit different in the reference code.
Inside the Equation group malware, the encryption library uses a subtract operation with the constant 0x61C88647. In most publicly available RC5/6 code, this constant is usually stored as 0x9E3779B9, which is basically -0x61C88647. Since an addition is faster on certain hardware than a subtraction, it makes sense to store the constant in its negative form and adding it instead of subtracting."
Mają rozmach, skurwysyny.