
The cryptopals crypto challenges - zerognowl
https://cryptopals.com/
======
sdevlin
Quick plug: set 8 is out. It's all about attacks on elliptic curves and GCM.

This set is huge. There's as much content as in any two or three other sets.

This set is tough. It's easily the toughest set so far. And there is some
math. But it's fascinating stuff and (I hope) pretty approachable.

This set is OG cryptopals. That means we're (for now) distributing it via
email. If you want to check it out, send a mail to set8.cryptopals@gmail.com
with subject "Crazy Flamboyant for the Rap Enjoyment".

~~~
FiloSottile
First of all, I swear by Cryptopals. They are what made me realize I get, like
and can do cryptography. They are just the best
programming/math/crypto/anything challenges I've ever played, and one of my
first and most satisfying accomplishments.

Secondly, Sean suggested I should speed run set 8 (which I have been saving to
run through in a single go) live on Twitch.

People seem to like the idea, so I'll have to figure out a schedule, but this
is happening. Check Twitter if you are interested or have advice.

[https://twitter.com/FiloSottile/status/787777267313303553](https://twitter.com/FiloSottile/status/787777267313303553)

(For context, I think I was the first to finish set 7, which I sped run while
at Recurse Center in 30 hours.)

~~~
Yhippa
Any tips for live coding on Twitch? I would like to do that with Set 1.

~~~
Pawka
There is livecoding.tv also. (I'm not related to the project).

------
thenewwazoo
I am currently working through these in my (very rare) spare time as a means
of learning Rust.

Forget project Euler or babby's first web server. This is an _excellent_ way
to learn a new language, to learn a huge amount about crypto, and it's a huge
amount of fun to boot. I cannot recommend them enough.

~~~
RodericDay
Project Euler is amazing, back off

~~~
clentaminator
Project Euler has always seemed to be more about mathematical "tricks" than
about imparting any kind of understanding of a computer science topic through
a structured set of challenges. The only thing I found amazing was how little
fun I have undertaking Project Euler challenges :^)

~~~
trungaczne
If you are looking for 'computer science topic' knowledge, I don't think you
should search a site that 1) is geared heavily towards math and 2) seeks to challenge
participants (unlike cryptopals, which provides a guide) in the first place.

~~~
clentaminator
That's a really good point actually. Perhaps Project Euler has a CS
association where it doesn't really belong because it's often mentioned in
CS/programming challenges threads, even if it's not intended to be the focus
of the exercises.

------
qwertyuiop924
Fantastic! I'll have to get to work on this.

And I already have two projects I haven't finished...

For those of you who _have_ finished this, I'd recommend checking out The
Synacor Challenge, and The Advent of Code, both the work of the excellent Eric
Wastl.

Bonus: I just discovered that we're getting a new Advent of Code this
December. So even if you've already done last year's (if you haven't, there's
still time!), stretch your fingers, because there's more coming down the pipe.

~~~
weaksauce
The synacor challenge is pretty fun although somewhat directionless after you
build the VM.

~~~
jweather
I disagree... more than half the challenge occurs inside the software you
run on the VM. Keep at it, it gets even more interesting.

------
sytringy05
I had a great time doing these challenges, learnt a lot that I had forgotten
about working with bytes and a raft of stuff I never knew about cryptography.

The only problem with a new huge set is I have a day job and a wife and kids,
so I guess I will be working through these on the train and very late at night.

------
dahart
I'm dying to finish these, but I had a _ton_ of fun doing the first few sets.
1.6 was a total eye opener for me, not knowing any real crypto before, I
naively thought if I used a long key, repeating key XOR would be a reasonable
amount of protection against at least your boss or a few of your smart friends
or whatever. Finding out that I could crack it in milliseconds with vanilla
Python and that the key length barely matters, that was... educational.

~~~
diyseguy
Me too. But now I'm stuck on 1.7. All the tricks they taught me aren't working
so far. Maybe we are supposed to go off-site and learn how to decrypt AES-128
ECB elsewhere and come back? Perhaps the hint is that they told us how it is
encrypted - so, maybe that's the only hint.

~~~
dahart
Haha. Here's a comment I left in my solution to 1.7:

    
    
      # This one took the longest, and it was just a shell command!
      # I learned that openssl's documentation is TERRIBLE!!

~~~
diyseguy
But they say in the instructions that you are supposed to Code it - "Do this
with code." Not to use the OpenSSL. Or at least that's how I read it.

~~~
dahart
FWIW, I have Python code next to that comment, and I don't have a bash command
line that runs OpenSSL there. I don't remember if I did indeed use the command
line, or if my comment really was talking about a light wrapper around a
library call.

~~~
diyseguy
ok, Crypto.Cipher import AES, away we go to 1.8

------
baby
By the way, NCC Group (who was behind these challenges) is looking for a
crypto intern for the next summer (2017). If you like cryptopals, we probably
already like you :)

Check the internship challenges here: cryptoservices.github.io/challenges

------
sbierwagen

> But: it doesn't yet. If we waited to hit "publish" until
> everything was here, we might be writing this in 2015.

Ho ho.

~~~
tptacek
Unfortunately, nobody who was involved with creating these still works for
NCC.

------
eterm
It's really interesting to interact with problems that don't ever come up in
the day job, I'm only part way through set 2 but this has taught me a huge
amount already.

> People "know" this already, but they don't really know it in their gut, and
> we think the reason for that is that very few people actually know how to
> implement the best-known attacks.

I agree with them when they say it's important to teach implementations
alongside theory. Despite knowing some theory behind cryptography, seeing
implementations come together is still an eye-opener. I guess it's like the
difference between knowing orbital mechanics, which is basically high school
math, and then playing Kerbal Space Program and crashing rockets because, while
you could derive the functions every time, it still takes some practical feel
before things "click".

Only in this case you also get to break it all down again which is another
level of satisfaction.

------
technion
I can't recommend this enough. You'd be surprised how incredibly often you can
spot vulnerabilities in real life code just because you wrote an exploit in
this challenge.

I blogged about my run through the early sets a while back:

[https://lolware.net/2014/09/15/cryptochallenge.html](https://lolware.net/2014/09/15/cryptochallenge.html)

Set eight however, is much more brutal (while still being fun). I've completed
the first three and had to take a break. Looking forward to getting back at
it.

------
telesilla
This looks like a great idea to do with my distributed team: many of us are
learning a new language for fun at the moment, from Erlang to Rust or Go and
if we all create a private gist of our answers as we do them, we can
date-stamp verify our proofs with each other as we all get through to the next
level as a team. Thanks, you wonderful people who put this together!

~~~
tptacek
_Lots_ of people used Cryptopals as a way to learn a new programming language.
Some people used it as a thing to target their own new programming languages
to. One crazy person used it as a way to implement cryptography directly in
Excel spreadsheet math. I highly recommend this.

The new programming language thing, I mean. Not doing it all in Excel
spreadsheet math.

------
sordina
I got stumped on this when trying to generate the finite fields for RSA in
order to solve 1.7 and then getting discouraged. I'm not sure how deep to go
on coding up solutions for these, as a lot of libraries will do most of the
work for you but then you're not learning much. I guess go as deep as you can
and then back off when it's untenable.

~~~
sdevlin
I'm an author. My personal mail is spd@toadstyle.org. I'm happy to help you
get unblocked.

------
nsxwolf
These get freaking hard really fast.

~~~
tptacek
There's a backstory to why they're structured this way that I'm not going to
get into right now, but because "reasons", set #1 has a specific challenge
(#6) that is somewhat tricky to code; we did that deliberately, as a
qualifier.

You should absolutely do the challenges in the order we give them, but the
learning curve is a bit more gradual if you defer #6 until after Set 2.

------
Yenrabbit
I loved diving into these as I was first learning Python. It's like a much
more interesting version of those silly string manipulation tasks you get in
CS101, except that instead of passing a course you break harder and harder
crypto. Great fun :)

------
and762
Does someone still have the original plaintext-formatted sets that you got by
mail one by one? I prefer working off those, too bad I haven't kept them.

------
fuqted
On their face, sites like this and OTW are pretty intimidating for someone
without a technical background or friends to lead the way.

Any pointers?

~~~
sdevlin
Our goal was to be accessible. If we were unsuccessful, we're happy to help
fill the gaps. My email is spd@toadstyle.org.

------
diyseguy
I want this adventure style learning format for everything from here on out

------
maruhan2
Can anyone post their solutions?

~~~
Arcsech
A lot of people keep their work on these on GitHub, a quick search should turn
up solutions for at least the first few sets in any language you care to name.

That said, if you want to get value out of these, don't look at someone else's
solutions until you've worked through them yourself. They're challenging, but
very doable and very rewarding.

~~~
maruhan2
Yeah, I would like to work on them myself. But personally comparing your work
to others is just as valuable.

