
Matasano Crypto Challenges

Name: Anonymous 2013-09-11 2:23

Anyone done these before? Looks like fun, just sent the request e-mail. I'll try to report back!

We've built a collection of 48 exercises that demonstrate attacks on real-world crypto.

This is a different way to learn about crypto than taking a class or reading a book. We give you problems to solve. They're derived from weaknesses in real-world systems and modern cryptographic constructions. We give you enough info to learn about the underlying crypto concepts yourself. When you're finished, you'll not only have learned a good deal about how cryptosystems are built, but you'll also understand how they're attacked.
http://www.matasano.com/articles/crypto-challenges/

Name: Anonymous 2013-09-11 2:39

What are the rules?
Just one: please don't share what we send you, or your answers.
Aww...

Name: Anonymous 2013-09-11 2:54

>>2
I kind of like that, makes it more of a real challenge. If other people here do them too then it wouldn't be too hard to discuss without giving anything away. Some more info on how it works here: https://blog.pinboard.in/2013/04/the_matasano_crypto_challenges/

Also of interest is their research page (http://www.matasano.com/research/). Lots of pretty neat stuff.

Name: Anonymous 2013-09-11 6:28

I found a page some time ago where a CS professor would give out neat prizes for efficient solutions to CS problems. It was pretty neat, the problems were interesting. I'm having a hard time finding it now.

I'm less interested in crypto problems because in reality crypto isn't hard, it's just made esoteric on purpose.

Name: Anonymous 2013-09-11 7:16

Ha! I found it on Open Directory:

http://www.azspcs.net/

Name: Anonymous 2013-09-11 8:28

If you complete the challenges we'll try to donate 20 dollars

Ugh.

Name: Anonymous 2013-09-11 10:34

>>3
That's not it. If you finish the challenge[s] you should be able to discuss them, and share them publicly for others to learn from and attempt. From what >>2 and >>6 mention, it's as if they are using your answers to exhort actual people they break into their systems, instead of just giving you a known challenge to test with.

This pretty much says that they are using your answers for exhortation:
There's no grading. We probably won't run your code (we'll definitely read it though).
Also if you can breeze through these we'd probably love to try to hire you. But don't worry: we're not recruiters and we're not jerks. (Incidentally, if you're interested in the kind of work we do, don't wait to get through the challenges to contact us.)

Name: Anonymous 2013-09-11 10:54

>>7
``exhortation''? Are you using that word correctly? I'm unsure of what you're trying to say.

Regardless, I wouldn't really want to work for them. Specifically due to:

Our "house language" is Ruby, but most of the people who join our team don't know it coming in the door.

With that said: everybody on our team can deliver a solid web application pentest. We don't have a kind of tester that doesn't do web apps.

I'm imagining a team of starbucks hipsters using metasploit now.

Name: Anonymous 2013-09-11 11:32

>>8
"Extortion," spell checker failure.

And yeah, I noticed such reading the http://www.matasano.com/research/ page. I am like, "Why u not using Haskel or ta Schema?"_brain_full_of_fuck.png

Name: Anonymous 2013-09-11 11:49

>>9
Could you please not use imageboard memes here? It's not that we hate them all, but they tend to attract the wrong kind of crowd.

Name: Anonymous 2013-09-11 11:50

>>10
It's not that we hate them all
I hate them all.

Name: Anonymous 2013-09-11 11:57

>>11
Not all of us hate all, ergo you're wrong bitch.

Name: Anonymous 2013-09-11 11:59

>>12
I'm not wrong. You were wrong. ``It's not that we hate them all'' is wrong if one person hates them all. ``I hate them all'' is not wrong if I hate them all.

>>10,12 YHBT

Name: Ayhbtymous 2013-09-11 12:13

>>13
Unfortunately I can't put ``YHBT'' in the sage field anymore, so I'll put it in the name field instead.

Name: >>9 2013-09-11 12:35

Ok, then allow me to correct:
"Why u not use Haskel or ta Scheme?_418_error.dmp

Name: Anonymous 2013-09-11 21:07

Hmmmm, still haven't received the first e-mail. Maybe I took the ``Just say you want in!" bit a bit too literally...

Name: Anonymous 2013-09-11 21:45

>>16
Huh? What would they mean then?

Name: 2013-09-12 3:10

GCHQ doing recruiting campaign, offering prizes and for UK residents that crack a cipher. Successful solvers will also be given the choice to "Opt-in to receive future employment related opportunities"
https://canyoufindit.co.uk/

>>17
Eh, I don't know. I need something to do, and this looked fun. They're probably just busy.

Name: Anonymous 2013-09-13 1:04

I read that as ``Monsanto Crypto Challenges''.

Name: Anonymous 2013-09-13 6:35

>>19
Me too.

Name: 2013-09-15 18:58

Well, if anyone wants an update, I'm almost through the first section. Pretty easy once I got used to working with bytestrings and bytearrays, but I'm stuck because I can't fucking detect plaintext to save my life.

Name: ‮‭ 2013-09-15 19:10

>>21
First, do bi-direction correctly in the name field.

Second, file(), od(), or check if bytes are 256 byte works or more. Simple as that.

Name: ‮‭ 2013-09-15 19:12

s/works/words/

Name: Anonymous 2013-09-15 22:13

>>22
do bi-direction correctly
My bad, autofill put it there.
file(), od()
I'm not entirely sure what you mean. My problem is that I need to determine if a string has been properly decoded by only looking at every nth character.

For example I'm trying to find out if "Some sort of programming BBS" has been decoded with the right key by only looking at "Seo oai S", "o ropgmnB", and "mstfrrmgB"
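
Added example, not part of any post in this thread: one way to judge a column of every-nth bytes is to score each single-byte candidate by character frequency instead of looking for words, then take the best key byte per column. The function names, the rounded frequency table, the floor weight, the sample text and key, and the assumption that the key length is already known are all constructed for illustration.

```python
import math

# Approximate English character frequencies in percent, space included
# (rounded textbook values; they only need to rank candidates).
FREQ = dict(zip(" etaoinshrdlucmwfgypbvkxjqz", [
    18.3, 10.2, 7.5, 6.5, 6.2, 5.7, 5.7, 5.3, 5.0, 5.0, 3.3, 3.3, 2.3, 2.2,
    2.0, 1.9, 1.8, 1.6, 1.6, 1.5, 1.2, 0.8, 0.6, 0.1, 0.1, 0.1, 0.1]))
FLOOR = 0.05  # assumed weight for digits, punctuation and other printables

def columns(data, n):
    """Column i holds bytes i, i+n, i+2n, ... (all XORed with key byte i)."""
    return [data[i::n] for i in range(n)]

def score(candidate):
    """Log-likelihood as English text; -inf if any byte is unprintable."""
    total = 0.0
    for b in candidate:
        if not (32 <= b <= 126 or b == 10):
            return -math.inf
        total += math.log(FREQ.get(chr(b).lower(), FLOOR))
    return total

def best_key_byte(column):
    """Try all 256 key bytes; keep the one whose decoding scores highest."""
    return max(range(256), key=lambda k: score(bytes(b ^ k for b in column)))

def recover_key(ciphertext, keylen):
    return bytes(best_key_byte(col) for col in columns(ciphertext, keylen))

def xor_repeat(data, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Constructed sample text and key, not challenge material.
PLAINTEXT = (b"Each column of a repeating key cipher was encrypted with one "
             b"key byte so it can be scored on its own. The letters do not "
             b"spell words but spaces and common letters still stand out.")
KEY = b"BBS"

if __name__ == "__main__":
    ct = xor_repeat(PLAINTEXT, KEY)
    key = recover_key(ct, len(KEY))
    print(key, xor_repeat(ct, key)[:38])
```

Very short columns, such as the nine or ten bytes per column in the example string above, give the scorer little to work with, so the ranking gets more reliable as the ciphertext grows.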

Name: Anonymous 2013-09-15 22:22

>>24
Oh, and I am filtering results that have bytes >= 256.

Name: Anonymous 2013-09-15 22:27

>>24
http://linux.die.net/man/1/file
http://linux.die.net/man/1/od

Also recall strings are usually 7 bits or 8. This is a size length technique.

Name: Anonymous 2013-09-15 22:30

s/ strings/character strings/

Name: Anonymous 2013-09-16 15:31

>>21
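$ cat is_plaintext.c
#include <stdio.h> /*
set -e
gcc -O3 -o is_plaintext is_plaintext.c
exit 0
*/
/* The lines above double as a shell script: "sh is_plaintext.c" builds the binary. */
#define BUFFA_SIZE 100
int main(void) {
    unsigned int good = 0, bad = 0;
    size_t i;
    unsigned char buffa[BUFFA_SIZE];
    /* Only the first BUFFA_SIZE bytes of stdin are examined. */
    size_t bytes_read = fread(buffa, 1, BUFFA_SIZE, stdin);
    for (i = 0; i < bytes_read; i++) {
        unsigned char c = buffa[i];
        /* Printable ASCII (space through '~') or newline counts as good. */
        if ((c >= 32 && c <= 126) || c == 10)
            good++;
        else
            bad++;
    }
    /* Exit status 0 (plaintext) when good bytes outnumber bad by more than 2:1. */
    return (bad * 2 < good) ? 0 : 1;
}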

Name: Anonymous 2013-09-25 22:26

Update:
Finished with the first set, almost through with the second. Really enjoying it so far. Been able to work it all out, even though my code looks like spaghetti in diarrhea sauce. (It's more of a problem of me being a shit programmer and not knowing how to do what I want to do rather than not knowing what to do.)

>>28,26,22
I appreciate the help. Turned out that the real problem was elsewhere, though I stumbled across the right method for this bit when I replaced what I had with a much simpler method as a placeholder. Funny how that works out sometimes.
