Following work offers interesting followup on reverse-engineering how the Flame MD5 collision attack was done:
http://www.illc.uva.nl/Research/Reports/MoL-2013-23.text.pdf According to the author, the attack was similar to Stevens et al.'s chosen-prefix attack, but employs a bit more brute-force than necessary. Ondrej _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography