hate these ads?, log in or register to hide them
Page 1 of 5 1234 ... LastLast
Results 1 to 20 of 95

Thread: The Matasano crypto challenges

  1. #1
    Administrator Movember 2012 Don Pellegrino's Avatar
    Join Date
    April 9, 2011
    Location
    Montreal, Canada
    Posts
    3,267

    The Matasano crypto challenges

    There's a software security company called Matasano that released a list of cryptography challenges a few weeks ago.
    The point is to teach cryptography and common attacks to programmers by implementing those attacks.

    It's a blast. I don't think I've ever had that much fun programming ever before.
    The challenges start easy and they build on each other.
    They get hard quickly, but they're never too hard.
    The instructions given are just enough to make you think hard and bash your head on a desk, but still detailed enough so that people don't give up.
    Many of them make you break some kind of encryption and the satisfaction to decrypt the plaintext one byte at a time is great.

    It requires no initial knowledge of crypto and 9th grade math is enough.
    The programming skill required is slightly above being able to write loops and ifs.

    They'll make you a better programmer one challenge at a time and the attacks are really neat, most of them actually work in the wild because people use flawed software.

    There's 48 of them, to get the first set of 8, send a mail to cryptopals at matasano.com. Just say you want in.
    After you've completed the first set, you reply with the answers and your source code to get the next set.

    Less than 20 people have completed them all so far, over 4000 have requested the first set. 300 only have completed the first set.

    Anyway, give them a try, you won't regret it. They're addictive. And really fun. And clever. And neat. I'm at #19 right now.

    http://www.matasano.com/articles/crypto-challenges/
    https://blog.pinboard.in/2013/04/the...to_challenges/

  2. #2
    theBlind's Avatar
    Join Date
    April 9, 2011
    Posts
    1,107
    This sounds interesting, so I've requested the first batch. We'll see what I can do with them.
    Tanks: theBlind[URBAD] (in my heart there will always be a place for [FAIL])
    Planetside2: [UBAD]theAngelic

  3. #3
    Tyrehl's Avatar
    Join Date
    April 9, 2011
    Location
    [STUGH] Rote Kapelle
    Posts
    2,207
    Quote Originally Posted by theBlind View Post
    This sounds interesting, so I've requested the first batch. We'll see what I can do with them.
    Quote Originally Posted by tekai
    [21:34:02] <tekai> examine all options and take the least worst one

  4. #4
    Donor
    Join Date
    April 11, 2011
    Location
    The Netherlands
    Posts
    918
    Time to test my Javascript skills!

  5. #5

    Join Date
    July 17, 2011
    Posts
    1,518
    I want to check these out, but why do I have to A) send in emails to get them and B) why can't I find a Wikipedia entry on matasano? :tinfoil:

  6. #6
    Administrator Movember 2012 Don Pellegrino's Avatar
    Join Date
    April 9, 2011
    Location
    Montreal, Canada
    Posts
    3,267
    Quote Originally Posted by jbend9620 View Post
    I want to check these out, but why do I have to A) send in emails to get them and B) why can't I find a Wikipedia entry on matasano?
    A) To filter out those that aren't actually interested. These guys look at your source code and it takes time.
    Also, the only rule is that you don't share your source code, instructions on how to solve the challenges or the challenges themselves on the internet. By making people do a little bit of manual work, they can filter out most of those that wouldn't put any effort or would post the challenges online.

    B) They only have 30 employees, but there's a lot of information about them in news articles and research papers they've published. Just google "matasano security".
    Last edited by Don Pellegrino; May 15 2013 at 05:21:02 PM.

  7. #7

    Join Date
    April 16, 2011
    Posts
    158
    Quote Originally Posted by theBlind View Post
    This sounds interesting, so I've requested the first batch. We'll see what I can do with them.

  8. #8

    Join Date
    April 11, 2011
    Posts
    381
    I requested the first batch yesterday, but still haven't received anything. I was looking forward to wasting a day on this.

  9. #9
    Super Moderator Global Moderator QuackBot's Avatar
    Join Date
    March 7, 2012
    Posts
    7,814
    Quote Originally Posted by Don Pellegrino View Post
    Quote Originally Posted by jbend9620 View Post
    I want to check these out, but why do I have to A) send in emails to get them and B) why can't I find a Wikipedia entry on matasano?
    A) To filter out those that aren't actually interested. These guys look at your source code and it takes time.
    Also, the only rule is that you don't share your source code, instructions on how to solve the challenges or the challenges themselves on the internet. By making people do a little bit of manual work, they can filter out most of those that wouldn't put any effort or would post the challenges online.

    B) They only have 30 employees, but there's a lot of information about them in news articles and research papers they've published. Just google "matasano security".
    Also, the instructions.

  10. #10
    Movember 2012 I Legionnaire's Avatar
    Join Date
    April 9, 2011
    Posts
    2,665
    Got the first batch, I have a lot of reading to do from the looks of it. Probably gonna go with python, just using the standard lib.
    Look on my neckbeard ye Mighty, and despair!

  11. #11
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    13,187
    Quote Originally Posted by I Legionnaire View Post
    Got the first batch, I have a lot of reading to do from the looks of it. Probably gonna go with python, just using the standard lib.
    Please tell me if this is something that is worth doing to learn python with.
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  12. #12
    Donor
    Join Date
    April 11, 2011
    Location
    The Netherlands
    Posts
    918
    It's pretty much doable in every language from the looks of these assignments. Definitely going to try out node.js with this.

  13. #13

    Join Date
    April 13, 2011
    Posts
    3,313
    Quote Originally Posted by Lana Torrin View Post
    Quote Originally Posted by I Legionnaire View Post
    Got the first batch, I have a lot of reading to do from the looks of it. Probably gonna go with python, just using the standard lib.
    Please tell me if this is something that is worth doing to learn python with.
    I've just received the first batch. This is definitely worth doing in python because it should minimise juggling types just to kludge something into working, but it looks like any language will work and really is going to be a great way to learn that language, because you'll be working on a nice mix of low- and high-level stuff. If you've ever studied an undergraduate crypto/security module, or you've done something like coursera's crypto module, this first batch of exercises doesn't look too dissimilar to the kind of work you'd be asked to do in that.

    It is, however, a lot more thorough. They seem to take the form of implementing an algorithm or tool, and then breaking it, or using it to break something else, so there's going to be a fair bit of reading and tweaking just to get the initial implementation bit done right.

    I'm actually impressed by the standard of this first set - I've done my fair share of crypto so I know what I'm doing with each of them, but as I said they're definitely at a good undergraduate level in terms of the theory being applied (don't let this scare you - crypto is a doddle), so it should get very interesting in the later stages.

  14. #14
    Donor Rami's Avatar
    Join Date
    April 10, 2011
    Location
    London
    Posts
    822
    This is quite fun, especially P3 of set 1 (which you use later on).
      Spoiler:
    Had not thought about index of coincidence for a long time.

  15. #15
    Frug's Avatar
    Join Date
    April 9, 2011
    Location
    Canada
    Posts
    6,855
    If I do this, will I be a real programmer?

    Quote Originally Posted by Loire
    I'm too stupid to say anything that deserves being in your magnificent signature.

  16. #16
    Administrator Movember 2012 Don Pellegrino's Avatar
    Join Date
    April 9, 2011
    Location
    Montreal, Canada
    Posts
    3,267
    Yeah, they're a great opportunity to learn a new language.
    Also, make sure that your language of choice has a way of (ideally) calling openSSL or at least built-in AES support.
    I'm doing this with Node.js, declarative style with a ton of method chaining and modified prototypes for arrays, buffers and strings.

  17. #17
    Donor
    Join Date
    April 11, 2011
    Location
    The Netherlands
    Posts
    918
    Quote Originally Posted by Frug View Post
    If I do this, will I be a real programmer?
    No. A real programmer should be conceptually strong, be able to think in abstractions and needs practice and a good mentor.
    But it's a good way to learn a language.

  18. #18
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    13,187
    Quote Originally Posted by Don Pellegrino View Post
    Yeah, they're a great opportunity to learn a new language.
    Also, make sure that your language of choice has a way of (ideally) calling openSSL or at least built-in AES support.
    I'm doing this with Node.js, declarative style with a ton of method chaining and modified prototypes for arrays, buffers and strings.
    Part of me wants to give it a shot in powershell knowing that I would have to build most of that support.

    Tapaderpin
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  19. #19
    Administrator Movember 2012 Don Pellegrino's Avatar
    Join Date
    April 9, 2011
    Location
    Montreal, Canada
    Posts
    3,267
    Quote Originally Posted by Lana Torrin View Post
    Quote Originally Posted by Don Pellegrino View Post
    Yeah, they're a great opportunity to learn a new language.
    Also, make sure that your language of choice has a way of (ideally) calling openSSL or at least built-in AES support.
    I'm doing this with Node.js, declarative style with a ton of method chaining and modified prototypes for arrays, buffers and strings.
    Part of me wants to give it a shot in powershell knowing that I would have to build most of that support.

    Tapaderpin
    There's kind of a "competition" going on to finish all 6 sets in esoteric languages and to be the first to do it in whatever language. There's a guy that's doing it all in Cocoa/Obj-C with GUIs, another that's using Excel and programming it all directly in cells, another that finished it in pure Haskell, another in Clojure and even 2 masochistic people finished it all in PHP. Apparently, the 3 most popular languages are Go, Python and Ruby, but really anything will get the job done.

    https://twitter.com/tqbf

  20. #20
    fuck entrox Donor Jason Marshall's Avatar
    Join Date
    April 12, 2011
    Location
    Civilization
    Posts
    7,800
    I have gotten through 3 since receiving my first set.

    There goes my productivity until I finish the entire first set atleast, and I am not by any means a fast or even good coder. Its really knocked off a lot of the rust and I can already feel my mind expanding a bit..

    "Sometimes someone just needs to be the OP" -Tellenta Philosopher of our People.

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •