I’m thinking it may now be a good idea to take what is related to the TwoFish and RC4 message and remove it from the equation, and hopefully what we have left behind will guide us towards the keys and the IV/mode we need for the 2F encryption.
I don’t think it’s going to be as simple as BenallohPaillier, although the extra “l” in that makes it 16 bytes, which was either a hint as to what the key is, or may just be a hint at the key size. Remember, Storm did add an extra L to it to make it 16 bytes, so that fact is definitely important.
He stated in the message that it may be given in a “less than obvious way,” which I take to mean that we may have to infer it, unlike the previous SECOM key which was actually written down. Then again, he did say the solution was “visible,” although, as we now know, that could just mean that the methodology was visible, not so much the keys.
Now, pretty much everything in that “Handy info” list could work as a key, so that’s at least a start. Anyone who is comfortable analyzing ciphertext may have an easier time of giving just the 2F decryption a go, and analyzing the result. I imagine the result that needs the RC4 would be a little easier to spot patterns with, seeing as it’s a stream cipher.
Anyhow, just some thoughts for now. I will be giving the scripting a go here in a few, assuming I can figure out how to implement it.