2012 Jun 7, 9:12
So this is another Stuxnet by Israel/US?
The analysis reinforces theories that researchers from Kaspersky Lab, CrySyS Lab, and Symantec published almost two weeks ago. Namely, Flame could only have been developed with the backing of a
wealthy nation-state. … “It’s not a garden-variety collision attack, or just an implementation of previous MD5 collisions papers—which would be difficult enough,” Matthew Green, a professor
specializing in cryptography in the computer science department at Johns Hopkins University, told Ars. “There were mathematicians doing new science to make Flame work.”
technical security web internet md5 cryptography flame
2010 Dec 13, 11:12
Used to generate publicly verifiable random numbers. For instance, to pick 'xn--' for the IDN prefix from a set of prefixes, they decided on a hash, a set of stocks and a time in the future
to generate the hash from the stock values. The resulting value is random and anyone can check the work to verify that it was chosen randomly.
Although, now looking back from the future I can't verify that they didn't generate this data after the stock quotes came out. And they're using MD5...
rfc algorithm random election ietf technical
2008 May 30, 10:48
"I thought it would be interesting to visualise MD5's internal state for these two blocks."
via:kris.kowal md5 security visualization blog