Crypto breakthrough shows Flame was designed by world-class scientists

News · 06-08-12, 05:20 AM

An overview of a chosen-prefix collision
Marc Stevens

Flame

The Flame espionage malware that infected computers in Iran achieved mathematic breakthroughs that could only have been accomplished by world-class cryptographers, two of the world's foremost cryptography experts said.

"We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack," Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. "The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications."

"Collision" attacks, in which two different sources of plaintext generate identical cryptographic hashes, have long been theorized. But it wasn't until late 2008 that a team of researchers made one truly practical. By using a bank of 200 PlayStation 3 consoles to find collisions in the MD5 algorithm'and exploiting weaknesses in the way secure sockets layer certificates were issued'they constructed a rogue certificate authority that was trusted by all major browsers and operating systems. Stevens, from the Centrum Wiskunde & Informatica in Amsterdam, and de Wegwer, of the Technische Universiteit Eindhoven were two of the driving forces behind the research that made it possible.

Read more | Comments

More...

06-08-12, 05:20 AM	#1
News Registered User Join Date: Jun 2009 Posts: 34,597	Crypto breakthrough shows Flame was designed by world-class scientists An overview of a chosen-prefix collision Marc Stevens Flame Flame's "god mode cheat code" wielded to hijack Windows 7, Server 2008 (Updated) Flame malware wielded rare "collision" crypto attack against Microsoft Flame malware hijacks Windows Update to spread from PC to PC Iran-targeting Flame malware used huge network to steal blueprints Spy software's Bluetooth capability allowed stalking of Iranian victims The Flame espionage malware that infected computers in Iran achieved mathematic breakthroughs that could only have been accomplished by world-class cryptographers, two of the world's foremost cryptography experts said. "We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack," Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. "The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications." "Collision" attacks, in which two different sources of plaintext generate identical cryptographic hashes, have long been theorized. But it wasn't until late 2008 that a team of researchers made one truly practical. By using a bank of 200 PlayStation 3 consoles to find collisions in the MD5 algorithm'and exploiting weaknesses in the way secure sockets layer certificates were issued'they constructed a rogue certificate authority that was trusted by all major browsers and operating systems. Stevens, from the Centrum Wiskunde & Informatica in Amsterdam, and de Wegwer, of the Technische Universiteit Eindhoven were two of the driving forces behind the research that made it possible. Read more \| Comments More...

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
World of Battleships trailer shows large ships and larger explosions	News	Latest Tech And Game Headlines	0	06-05-12 06:30 PM
X Failed to load NVdriver	c00lr4c3r	NVIDIA Linux	13	10-22-02 01:44 PM
Need help to get the X to work on my Acer TravelMate 630	knchee	NVIDIA Linux	16	09-19-02 10:16 PM