Hacker News new | past | comments | ask | show | jobs | submit login
The Matasano Crypto Challenges (blog.pinboard.in)
318 points by tptacek on Apr 19, 2013 | hide | past | web | favorite | 61 comments

Just a quick note: we have a good idea of how many people make it through these challenges versus how many start. As long as that ratio stays remotely sane --- and as long as the whole Internet doesn't secretly turn out to be full of people who can bust out crypto attacks better than most vulnerability researchers can, which is a concern because an English professor finished these --- we'll donate $20 to PIH or Watsi for everyone who finishes.

Sean, Marcin, and I are watching the cryptopals at matasano address, so if you have questions or get stuck on one of the later problems, don't hesitate to ask; the worst that'll happen is we'll take too long to reply.

Update: We WILL get to you. We're definitely getting your emails. All of your emails. All of the emails. Give us a little bit though.

>> which is a concern because an English professor finished these

Occupations aren't necessarily a good signal for intelligence or domain expertise... even a patent clerk will surprise you once and a while. ;)

I'm just trolling the STEM grads. I got the professor's permission to do that!

Was he just an English professor , or is there some important qualifier?

Good troll either way.

An English professor of computer science at Cambridge, no doubt. =)

(Not necessarily responding to the parent comment directly.)

The wall between STEM and the humanities is, if not artificial, quite porous, and it's in the interest of every intelligent person to bring it down.

In general, there's been quite a bit of interest in quantitative approaches to the humanities lately. Try googling for J.E.H. Smith's proposal for a data-driven survey of world philosophy, or look into Franco Moretti's work on "distant reading" in Graphs, Maps, Trees. The latter was even profiled in the New York Times Magazine several years ago.

I also like to trot out the example of Hugh Kenner, a protege of Marshall McLuhan who was one of the 20th century's great scholars of Modernism, particularly of Joyce and Pound — and who was also a contributor to Byte.

Pleading the 5th.

I agree. I once asked a mechanic in my military unit a question about a car problem, it quickly turned into an hour-long lecture on thermodynamics and ambient heat. The guy is absolutely brilliant.

Einstein did his best stuff while he was working as a patent clerk.

Yes, his wink smiley makes it likely he was referring to Einstein.

To be honest, I thought he was talking about Bill Watterson.

Depends on what patent applications one gets for review ;)

Thanks for opening this opportunity up to the community! :)

EDIT: Dumb question, but for scheduling purposes, what's an order-of-magnitude estimate for a block of 8 questions? Is this like a weekend-hackable thing, part-time during the week, month sabbatical, or what?

It is a freakin' blast watching people work through these. The pleasure is ours.

Regarding time commitments: it is hugely variable, mostly I think because different people put different priorities on finishing. The first set should go very quickly.

I would love it if these took a month of work, but people have gotten through them in a couple days, and there's some delay built in there because of email.

The bit about priorities is spot on. I got the first set done with Ruby in a week's spare hours. The execution speed (and some of your other posts) have me motivated to learn Go, so set two is on hold until I get comfortable with brute forcing ciphers in a statically typed language. If I were European I'd probably be done by now :)

If you already know ruby, have you considered using JRuby for this? I wouldn't besmirch anyone trying to pick up a new language, but I am curious to hear if there were any technical reasons for going with something else.

Just for the fun of it, really. I'm sure MRI or JRuby would suffice given properly considered execution strategies. Optimizations have been half the fun for me so far with MRI 1.9.

With kids, client work and generally having a life, I'm getting about one or two hours a week tops to work through them.

If I were working on them full time I'm confident I could get as far as I am now (mostly finished the third set) in about a week.

I've been having a blast, despite not putting any time into it (I'm on problem 14 or so because of work). The first two blocks of 8 shouldn't require much time (hours). The instructions so far are rather complete; you aren't left wondering (like on Project Euler sometimes) how to approach something. Most of my time has been spent code golfing.

I've been meaning to try these but have been avoiding the scheduling headache… but it just sounds like too much fun, so I finally sent you guys an email. I'll make time for it somehow. Thank you for doing this, you guys are awesome.

I sent an e-mail to you about 3 weeks ago asking if I could please try out the crypto challenge, and received no response. Should I try again or does your update refer to the fact that you're just backed up at the moment? Thanks!

EDIT: Apologies, it was only 10 days ago. So I'll assume you all are just a little backed up with the volume of requests.

We've got you (you had asked for something different, but we'll make sure you get them).

Ah ok, sorry for the confusion. I should have used the term Matsano Crypto Challenge instead of the term I thought described them.

In any case, I have received them now, so thanks for sharing them.

Tangential note: if you noticed that this was quite well-written for a blog post, and if you've never heard of Maciej Cegłowskiv[1], then you should absolutely start reading his blog, Idle Words[2]. The essays are simply sublime. Even though he only occasionally writes about tech stuff (it's mostly about his extensive travels), this is hands down my favorite blog and I await every new post eagerly.

[1] http://idlewords.com/about.htm

[2] http://idlewords.com/

Could not possibly agree more. Start here:


My absolute favorite is Białowieża Forest [1] - I died laughing many many times, and I even learned a thing or two along the way. For me, nothing beats enlightening educational entertainment such as this.

[1]: http://idlewords.com/2012/02/bia%C5%82owie%C5%BCa_forest.htm

Hey, real quick, all:

We got an overwhelming response to this, which is awesome. Good news/bad news. Bad first: slight delay, while we change up the way we manage the email responses (we're pulling the emails into Mailgun, which is fantastic btw). The good news is we should have everyone squared away by the middle of this afternoon, and should be much more responsive moving forward.

We're really looking forward to watching people run through the challenges. We'll post aggregate stats when everything's done.

My favorite quote from the article:

In the real world, if you build a bookshelf and forget to tighten one of the screws all the way, it does not burn down your house

Walter Maner - "UNIQUE ETHICAL PROBLEMS IN INFORMATION TECHNOLOGY" - http://www.cs.bgsu.edu/maner/ethicomp95/keynote3-THE.html#He...

"In a stimulating paper "On the Cruelty of Really Teaching Computer Science,"[35]Edsger Dijkstra examines the implications of one central, controlling assumption: that computers are radically novel in the history of the world. Given this assumption, it follows that programming these unique machines will be radically different from other practical intellectual activities. This, Dijkstra believes, is because the assumption of continuity we make about the behavior of most materials and artifacts does not hold for computer systems. For most things, small changes lead to small effects, larger changes to proportionately larger effects. If I nudge the accelerator pedal a little closer to the floor, the vehicle moves a little faster. If I press the pedal hard to the floor, it moves a lot faster. As machines go, computers are very different.

A program is, as a mechanism, totally different from all the familiar analogue devices we grew up with. Like all digitally encoded information, it has, unavoidably, the uncomfortable property that the smallest possible perturbations -- i.e., changes of a single bit -- can have the most drastic consequences.[36]"

In fact, that is one of the key tenets behind modern cryptography!


Closely followed by:

As a programmer, my core strengths have always been knowing how to apologize to users, and composing funny tweets.

Great article, OP. I laughed and learned.

Best sales pitch I've read in a long time. Makes me want to cancel everything for the next week and take a crack at them.

I hate to sound impatient but I love crypto and can't wait to get started on the first set of challenges.

How long am I likely to have to wait to receive them? It's been 5 hours so far

Again, I'm not meaning to be rude, I just want to know if I should set aside time to do them this evening, this weekend, or in a couple of weeks

We're working on it, but you can expect to start them this evening.

I'm getting a 404 for the crypto-challenge link in the blog body. Is there somewhere else I'm supposed to navigate to?


I am seeing that too. Can tptacek fix this?

The link you just pasted and the link in Maciej's article work for me. Which URL isn't working for you? I'll fix promptly.

It's flapping between a 404 and the actual page for me.

That's super weird, because it's just a static web server.

I'm lookin!

Our website is so secure that I don't even understand how it works. It turns out we have a load balancer. I only updated one of the static servers. Go me!

That gave me a good chuckle. Well played.

That URL isn't working for me either. FYI.

If I refresh sometimes I get a 404, sometimes I get the page ...

The url I pasted. Strange! :)

Does the linked article have spoilers?

I'll save it for later if it does.

Nope. People have been pretty awesome about that.

I have to say, I've been hearing about the challenges for several months and have been far too intimidated to attempt them as I'm a total newb on the crypto side of things.

After reading this article though, I figured it would be safe to assume that I'll learn as I go through them.

Awesome work guys! Cant thank you enough!

Just finished the first batch. My mind was blown after solving the big question (you know which one!). This is very cool stuff, can't wait for more!

I'm using this challenge to help me teach myself Python. As it turns out, it's a great language for these types of problems!

This is a wonderful write-up.

I think I want to try, but given the current front-page status of this I think I will wait a week or so before emailing for my instructions.

We can handle it! Shoot us an email!

Oki doki...will do.

I don't even know if I can manage to take this on...but we'll see :)

They're not going to go away any time soon.

Looks cool. I'm surprised that you haven't already received submissions in Go yet (or if you have, then you need to update the page).

I was planning to do mine in Go for this very reason.

When I receive the challenges, I'm not sure if I'm going to use Go or Rust. I'm more familiar with Go, but I'd like to learn Rust.

Go submission sent.

I think this challenge is a brilliant piece of marketing - if it is indeed marketing.

Love it.

It's something we did because we love this stuff that just seems to have worked out.

Great initiative! I'm in

Sent the email, no challenges received yet :( you should make it easier to get started.

My guess is this makes it easier for them to prevent 42 blog posts in a week about solving Challenge n.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact