The Matasano Crypto Challenges - greyman
http://www.matasano.com/articles/crypto-challenges/

======
ColinWright
Quoting:

    You'll want to be able to code proficiently
    in any language.

That should probably be:

    You'll want to be able to code proficiently
    in *some* language.

I should think no one can code proficiently in every language, and to me,
that's what the first implies.

~~~
jacobwcarlson
If you're going to be pedantic, at least consult a dictionary first:

"any 1 [ usu. with negative or in questions ] used to refer to one or some of
a thing or number of things, no matter how much or many"

~~~
da3da
See how that entry says "usu. with negative or in questions"? The usage in
this case is neither negative nor a question, and so many, like the gp and
myself, found it confusing.

------
tptacek
Oh. _This_ is why we suddenly got a huge flood of mail on a Sunday night.
Well, hello again.

A reminder: $20 to Watsi for each person who finishes all six sets.

~~~
aptwebapps
I did the first set and loved it. Are you running much of a backlog? I sent
that in about two days ago.

Actually, looks like an email mixup. I didn't reply directly to the more
recent email and composed a fresh mail to us@cryptopals.com which doesn't work
(although I did CC the other address as requested). Just forwarded my
submission.

Edit: Just got set 2.

~~~
shanelja
I sent in my request a few minutes after this went live, still waiting. :(

They must have a huge spike in requests to go through, plus the people
completing sets 1 and 2. I would expect waiting times to drop as fewer people
complete the advanced sets.

------
ColinWright
Great review and subsequent discussion:

<https://news.ycombinator.com/item?id=5574074>

------
AdamGibbins
Maciej did a good review here:
<https://blog.pinboard.in/2013/04/the_matasano_crypto_challenges/>

------
andrewcooke
i'm a third of the way through these and they're really entertaining - i am
going to recommend them to my colleagues at the next weekly meeting.

i "knew" some of attacks were possible, but had no real idea of how to go
about exploiting them "for real" - this course works you through practical
applications (and i found it to be pitched at an almost perfect level - it
moves fast enough to be interesting, but not so fast you get lost).

they're quite meaty - doing one email (out of the 6) takes at least a day for
me (but there's also some slack - you've got quite a bit of freedom and i
think you could spend more or less time, depending on exactly what you choose
to do.)

i haven't needed any deep technical knowledge or hard maths (but i already
knew, for example, what a "block cipher" was and what "modes of operation"
were, even if i couldn't tell you which did what without looking at
wikipedia). the hardest part has just been "bookkeeping" in the code -
tracking which offset in the array of data i am modifying, etc. the usual
programming details.

so this is for interested amateurs - i don't think the nsa is going to be very
excited learning who has completed the course...

(also, fwiw, i'm using python 3.3 (the new "yield from" is very useful when
writing code that modifies sequences) and it's plenty fast enough so far)

~~~
eru
> so this is for interested amateurs - i don't think the nsa is going to be
> very excited learning who has completed the course...

Yes. Though: I studied cryptography as part of mathematics in university, and
while we studied much more sophisticated attacks and ways to break your
ciphers, we never actually ended up coding up the breaks even of comparatively
trivial attacks.

~~~
tptacek
What's an example of a sophisticated class of attacks we have poor coverage on?
(If you like, mail me directly; we're not publishing exactly what the
challenges are).

I'd appreciate leads on places we should expand our coverage. Sean is already
working on set 7, and we're pulling attacks out of the recent literature to do
that.

Worth mentioning: we're not cryptographers.

~~~
AnthonyMouse
Do you have anything on certificate verification? Not that I actually know
anything about it, but.. here, I think these words from Moxie Marlinspike
about sum it up:

"I’m not actually a supporter of the general adage “never roll your own
crypto.” I believe that cryptography is a fairly closed system, and that it’s
relatively straightforward to learn how to carefully use cryptographic
primitives to build protocols securely. Certificate validation, on the other
hand, is something that I would recommend people avoid doing themselves, if
possible. It’s mired in cruft and gotchas."[1]

Moxie covers a few examples in the link, but it would be interesting to see
some more along those lines.

[1] <http://www.thoughtcrime.org/blog/strongtrustmanager-mitm/>

~~~
tptacek
I think very highly of Marlinspike, and he is clearly smarter than I am, but
he is wrong on this point. No, one thing I will say about our challenges: we
don't spend time on certificate parsing. We thought about it, but decided
people were unlikely to run into a lot of new X.509 implementations that can't
handle a NUL byte (and things like that), at least not as likely as the other
bugs we showcase.

_Edit: I read this comment out of context. Sorry. Obviously, I asked for
examples of flaws we could cover. Thanks for offering one up._

------
jfarmer
'People "know" this already, but they don't really know it in their gut, and
we think the reason for that is that very few people actually know how to
implement the best-known attacks. So, mail us, and we'll give you a tour of
them.'

As Hegel said, "The familiar is not understood precisely because it's
familiar." _Das Bekannte überhaupt ist darum, weil es bekannt ist, nicht
erkannt._

I live this every day as a teacher. Students believe they understand, say,
linked lists because they can recite all sorts of Linked List Facts™. It's not
until you put them in front of a problem with a linked-list-shaped hole that
they truly come to understand (erkennen).

~~~
tonecluster
Ain't that the truth. And (if you're doing it right), the older you get the
more holes you spot. And, in filling those holes, keep collecting the
lightbulbs from over your head when the "erkennen" mallet strikes.

~~~
eru
Why did you use German here? (Please pardon the off-topic comment. Just my
interest as a native speaker.)

~~~
jfarmer
He was quoting me quoting Hegel, talking about the relationship between
familiarity and understanding.

Unfortunately English doesn't have the precise distinction that German does,
so the translation is a little confusing. To an English speaker "familiar",
"known", and "understood" are almost synonymous.

Many programmers I know use the word "grok" as a stand in:
<http://en.wikipedia.org/wiki/Grok>

~~~
eru
Oh, thanks. I didn't have the whole thread in mind.

------
jrabone
Pardon the paranoia, but who else gets to see the little black book^H^H^H list
of people who are skilled at practical crypto exploits?

~~~
eru
What's the matter with that? You can study the stuff at universities to a much
deeper level.

~~~
tptacek
If you can point me to a university curriculum (and, especially, a syllabus)
that has hugely better coverage of practical attacks on cryptographic
implementations, I'd be interested in seeing it.

Nobody is going to come out of these challenges qualified to pick SHA-4 or
AES-ng, or for that matter, prepared to design a new cipher or even a novel
crypto construction. That's not the point of the challenges.

But we're covering what I think might be an odd corner of cryptography. Our
approach to crypto is from a software security perspective. In a similar sense
as a 2013 software security researcher might be able to tell you a great deal
about how Javascript objects are allocated in a browser but not have any idea
about best practices for organizing actual working Javascript code, we're
covering an idiosyncratic set of implementation details but leaving all the
theory out --- not least because we don't have the theory background.

~~~
eru
> If you can point me to a university curriculum (and, especially, a syllabus)
> that has hugely better coverage of practical attacks on cryptographic
> implementations, I'd be interested in seeing it.

Me, too. The courses I took were much more theoretical--lots and lots of
number theory. I enjoyed them, and I enjoy your challenges, too.

The theory is fun, and I learned enough to understand some interesting
attacks, but at the level of courses I studied the material at, we did not
come up with any new attacks.

The distinction is a bit like theoretical computer science versus actually
writing a programme.

P.S. I'll look through material from my old university and see if I can
find anything interesting.

------
shanelja
It's great to see a company doing something like this and getting involved in
the community this way. I took Dan Boneh's class on Cryptography some time
last year, so I've sent these guys an email and I will see what I can manage.

------
Osmium
I just started doing these and am very much enjoying it so far despite not
being much of a programmer (and never having done any crypto before!). I spent
a good Saturday afternoon doing the first 8, though I have to confess problem 4
seems to be confounding me despite having easily found the answer to problem 3
:( and whatever bug I have in problem 4 also means my problem 6 isn't working
either. And sadly I have to get back to my real work now it's Monday again!

------
just2n
Still waiting. How long is the average wait time?

~~~
tptacek
Much better than it was on Friday when the first story hit (none of this was
automated on Friday), but still on human-scale time. Minutes to multiple
hours. When did you send your mail to us? If it was any time before this
afternoon, you should have already seen mail from us; check your spam filter.

About 1 out of every ~200 people we mail refuses the mail (at SMTP) for one
reason or another, so if you're running your own email server, make sure it'll
accept mail from MATASANOCRYPTOPALS.COM --- note that's not the domain you
sent to.

~~~
just2n
Sent it on Friday. Unless you didn't RE:, it shouldn't have been spammed, but
I have a habit of emptying my spam folder without ever looking at the
contents, so we'll never know.

~~~
tptacek
Mail me directly. (My email's in my profile.)

------
dtwwtd
I've really been wanting to do these for a few months now. I've just got to
get through finals this week before I can start!