Eugen Leitl <eugen@leitl.org> quotes:
And suddenly, just like that, the discussion on whether Flame is lame or not b&vanished.
Yeah, because cryptographacamy is magic. The exploit may have used 0day and rootkits and ROP and stealth techniques and self-modifying code and who knows what else, but any five-year-old can do that. However, if there's any cryptographi... cryptograma... magic involved then it had to have been done by sikrit gummint agencies. I'm not saying it was or it wasn't, but I am a bit disturbed at the level of magical thinking that goes with anything involving crypto. There have been some pretty sophisticated attacks on crypto keys in embedded devices for jailbreaking purposes that were done by enthusiastic amateurs, not even the likes of (to pick some random examples of crypto people who've done this before) David Wagner or Ed Felten or Markus Kuhn but just some random guys who decided to give it a go. Looked at another way, if you submitted a paper "Yet another chosen prefix attack on MD5" to Crypto/AsiaCrypt/Eurocrypt, do you think it'd get accepted?. I'm not trying to denigrate the achievement, just to add a little perspective. Peter.