Thinking about this, Matasano turns out to be a rather good name for your company. After all, your services are about trying to "kill the healthy" system, so to speak.
It's good to know semantic differences between Spanish-speaking countries. Here, talking from the south of Spain, matasano rarely refers to the "quackery" sense.
I've spent the past three hours working on some of these challenges and I probably will spend a lot more time working on them too. They're a fun and friendly reminder that I should brush up on my RE skills every now and then.
That doesn't really do much for those of us with backgrounds that do not include Javascript / web development.
Such as embedded processors, just to use an example that might be exactly the type of people who would find this challenge extra interesting.
Full disclosure: I did several of these, but the browser issue is probably what kept me from doing more. It did not run in my (admittedly outdated) browser of choice, so I had to do some Chrome wrangling, which was the opposite of fun.
JSON RPC calls would be trivial to use from any scripting environment - python, perl, or ruby; even shell scripts would be an option with curl and such.
Okay, if someone is hardware oriented and has never stepped outside the assembly and C world, then doing it from C isn't particularly convenient - but even with such background I would assume that most embedded processor people would know one of those scripting languages just to automate stuff in their development/testing workflow.
What Javascript are you talking about? Anything the browser interface can do, you can do directly with raw HTTP calls. The Rails front-end is actually just a thin proxy around a JSON RPC interface exposed by the Golang emulator itself.
If your point is "that's not helpful for people who don't know how to use HTTP and JSON", I'm at a loss, because the problems Microcorruption wants you to solve are much, much harder than HTTP.
Harder, but simpler (less complex). Wargames like SmashTheStack give you a Linux shell - it's much more fun this way. Just so you know, I ragequit microcorruption after three levels. Like the poster above, I know nothing about web development and have no intention of learning. The crypto challenge was really great though, thank you for that!
I think they were massively overwhelmed with the response to the challenges. They were handling all the responses manually. It's great to see that they have made things more scalable and just put them up for everyone.
It gives me a lot of faith in humanity when people share their knowledge and expertise so altruistically. Really looking forward to going through these.
A good complement to this set of challenges is Dan Boneh's Crypto class on Coursera. The Coursera class is more theory-driven, whereas these challenges are more practical... they mix well. https://www.coursera.org/course/crypto
I'm stuck on set 1 challenge 4, detecting single-character XOR. I know how the cipher works, having solved challenge 3, but when I brute-forced all 327 hex strings in their challenge data with each of the 256 possible one-byte keys, none of them deciphered to anything like English. I suspect a typo in their data, since one line -- 1c3df1135321a8e9241a5607f8305d571aa546001e3254555a11511924 -- actually has 58 hex digits, not 60. Has anyone else run into this problem?
Edit: Of course I would solve this right after a post saying I can't. I was only looking at the (string, key) pairs which deciphered to all-printable plain text, but forgot that \r, \n, and \t count as printable ASCII characters.
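The failure mode described in the comment above, as an added example that is not part of the original post: a candidate filter that treats `\t`, `\n` and `\r` as non-printable throws away the correct plaintext, while a filter using the full printable set plus a simple letter-frequency score finds it. The sample lines, the key `0x58` and all function names are constructed for illustration.

```python
import string

PRINTABLE = set(string.printable.encode())     # includes \t \n \r \x0b \x0c
STRICT = PRINTABLE - set(b"\t\n\r\x0b\x0c")    # filter that drops whitespace controls
COMMON = set(b"etaoinshrdlu ETAOINSHRDLU")     # crude signal for English text


def xor_byte(data, key):
    """XOR every byte of data with the same one-byte key."""
    return bytes(b ^ key for b in data)


def score(pt):
    """Fraction of bytes that are common English letters or a space."""
    return sum(b in COMMON for b in pt) / len(pt)


def detect(hex_lines, allowed=PRINTABLE):
    """Try all 256 keys on every line, keep plaintexts made only of `allowed`
    bytes, and return (line_index, key, plaintext) with the best score, or None."""
    best = None
    for i, line in enumerate(hex_lines):
        ct = bytes.fromhex(line)
        for key in range(256):
            pt = xor_byte(ct, key)
            if set(pt) <= allowed and (best is None or score(pt) > score(best[2])):
                best = (i, key, pt)
    return best


# Constructed sample data: two decoy lines and one real line (key 0x58).
PLAINTEXT = b"now the fix is whitespace\n"
LINES = [
    "8f3a01c47be2905d16a8f04c",
    xor_byte(PLAINTEXT, 0x58).hex(),
    "5be0127fa4c93d6680f11e2b",
]

if __name__ == "__main__":
    print("printable incl. whitespace:", detect(LINES))
    print("strict filter:             ", detect(LINES, STRICT))
```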
What textbook would be recommended for someone wanting not only to accept the challenge, but also to get some theory under their belt at the same time?
I like this book a lot, but you won't need any of this math until set 8. I spent a lot of term learning things like lattice basis reduction algorithms (I used Strang's linear algebra book and MIT lectures) only to discover that there really isn't a whole lot that requires you to break out linear algebra in day-to-day cryptography.
In particular: virtually all of block cipher crypto and message authentication relies on straightforward math. (It would be different if our challenges covered poly MACs, but we don't have good examples of common flaws in poly MAC implementations).
Yeah. Joux's attack is conceptually simple. You have 2 tags T_0, T_1, obtained with distinct messages and the same IV. This means T_0 = S_0 ^ X and T_1 = S_1 ^ X, where X is the same value for both. So you have T_0 ^ T_1 = S_0 ^ S_1. S_0 and S_1 are the polynomial evaluation of the ciphertext at H, the authentication key (which is also the same).
Now, via a simple polynomial evaluation property, you have f(x) + g(x) = (f + g)(x). We know f and g --- those are the two ciphertexts being authenticated here, interpreted as polynomials --- and we know that the polynomial f + g - S_0 - S_1 must be 0 at H. From there it's a matter of finding the roots of this polynomial, one of which is H, and this is the mathematically complicated part of the attack. Though you can treat root-finding as a black-box, the keywords here are Berlekamp or Cantor-Zassenhaus.
(Hopefully I didn't get this too wrong, I'm handwaving here)
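The identity in the comment above, as an added example that is not part of the original post: with the same H and the same mask X (a reused nonce), X cancels out of T_0 ^ T_1 and H becomes a root of a polynomial built only from public values; with a fresh mask it does not. This is a simplified model: it uses plain polynomial-basis arithmetic in GF(2^128) rather than GCM's bit-reflected convention, omits the AAD and length blocks, stops before any root finding, and all constants and function names are constructed.

```python
R = (1 << 128) | 0x87  # reduction polynomial x^128 + x^7 + x^2 + x + 1


def gf_mul(a, b):
    """Carry-less multiply of a and b in GF(2^128), reduced modulo R."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= R
    return r


def poly_eval(blocks, h):
    """Horner evaluation of blocks[0]*h^n + ... + blocks[n-1]*h (no constant term)."""
    acc = 0
    for c in blocks:
        acc = gf_mul(acc ^ c, h)
    return acc


def tag(blocks, h, mask):
    """T = S ^ X: the evaluation at H, masked by the nonce-derived value X."""
    return poly_eval(blocks, h) ^ mask


def add_polys(f, g):
    """Coefficient-wise XOR, aligned on the lowest-degree (last) block."""
    n = max(len(f), len(g))
    f = [0] * (n - len(f)) + list(f)
    g = [0] * (n - len(g)) + list(g)
    return [a ^ b for a, b in zip(f, g)]


def h_is_root(f, g, t0, t1, h):
    """True when (f + g)(h) + (t0 + t1) == 0 in GF(2^128)."""
    return poly_eval(add_polys(f, g), h) ^ t0 ^ t1 == 0


# Constructed sample values (not from any real key, nonce or message).
H = 0x0F1E2D3C4B5A69788796A5B4C3D2E1F0
X = 0x0123456789ABCDEF0123456789ABCDEF
X_FRESH = 0xFEDCBA9876543210FEDCBA9876543210
F = [0x11111111, 0x22222222, 0x33333333]
G = [0xAAAAAAAA, 0xBBBBBBBB]


def demo():
    """Returns (root with reused mask, root with fresh mask)."""
    reused = h_is_root(F, G, tag(F, H, X), tag(G, H, X), H)
    fresh = h_is_root(F, G, tag(F, H, X), tag(G, H, X_FRESH), H)
    return reused, fresh
```

`demo()` returns `(True, False)`: the relation that exposes H exists only when the mask repeats, which is why the nonce must never be reused under one key.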
I only did the first two, which I hear are pretty trivial in comparison to the later ones, but I still had a great time and learned a hell of a lot in the process. Definitely highly recommended even if it's just for fun or out of idle curiosity, and no prior knowledge required. Looking forward to reading some 'proper' solutions now...
I'll probably always regret not getting further into these than I did (life intruded, and then the psychic debt of being late disincentivised me from returning to them). One of these days I really do intend to finish 'em.
Thanks for crafting them, and thanks for posing them. Hopefully you guys got some great new hires out of it!
On http://cryptopals.com/sets/4/challenges/31, I'd just make it return the offset of the first byte that doesn't match to simulate the information that a timing leak would reveal.
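What the comment above proposes, as an added example that is not part of the original post: an early-exit MAC comparison whose stopping index is exactly the information a byte-at-a-time timing leak gives away, next to comparisons that do not stop early. The key, the use of HMAC-SHA256 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not from the page


def mac(msg):
    """HMAC over msg (SHA-256 chosen here as an assumption)."""
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def first_mismatch_offset(expected, supplied):
    """Early-exit compare: returns the index where it stopped, or None if equal.
    Running time grows with this index, which is what the leak reveals."""
    for i, (a, b) in enumerate(zip(expected, supplied)):
        if a != b:
            return i
    if len(expected) != len(supplied):
        return min(len(expected), len(supplied))
    return None


def full_scan_equal(expected, supplied):
    """Examines every byte regardless of where the first mismatch is, and
    returns only a boolean, so no offset is exposed through the result."""
    if len(expected) != len(supplied):
        return False
    diff = 0
    for a, b in zip(expected, supplied):
        diff |= a ^ b
    return diff == 0


def verify(msg, supplied_tag):
    """Hardened check: the standard library's constant-time comparison."""
    return hmac.compare_digest(mac(msg), supplied_tag)


def sample_tags():
    """Constructed input: a valid tag and one whose byte 5 is wrong."""
    good = mac(b"file=report.txt")
    bad = good[:5] + bytes([good[5] ^ 0xFF]) + good[6:]
    return good, bad


if __name__ == "__main__":
    good, bad = sample_tags()
    print("early exit stops at byte:", first_mismatch_offset(good, bad))
    print("full scan:", full_scan_equal(good, bad), "verify:", verify(b"file=report.txt", bad))
```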
It was a really nice adventure to complete all the 6 sets. Learned lots of useful stuff. My great thanks to tptacek and the team who prepared such a nice hands-on crypto class.
P.S. 7th set is insane (in a good way).
The 8th set ends in an elliptic curve attack that (a) is useful in the real world and (b) only one person I know has been able to implement. It is amazing.
> Or do you mean "crypto issues specific to Clojure"? What would those be?
Ah, I see now that these challenges are more of the language-agnostic type, rather than a demo of platform quirks. I suppose that negates my previous comment. Thanks for posting the challenges!
Random meditation: I worked through a lot of the early exercises in Haskell, and partly to learn Haskell. I did a lot of things a "silly" way - didn't use the Vector libraries at all, for example. I learned a lot from doing that, and I wonder if a shiny set of Haskell examples using half of Hackage would provide the same learning experience.
Also: do you have a set of Perl examples? If not, I'd be happy to put them together.
Oh, these links are for the solutions? I thought that clicking on a language should take me to a code submission page for that language where my submission will be judged against different test cases.
I would expect probably not, but my experience with these is that it's generally pretty obvious when one has a correct solution.
(except for the one problem in set 5 where they computed the hash of the ascii string representing the solution and I computed the hash of the actual number)
"Matasano" is one of my favorite words in Spanish, not for its meaning, but for how it sounds. Anyway, here is the meaning:
mata=kill
sano=healthy
So, literally it means to "kill the healthy" and it is used to refer to doctors, usually in colloquial, rather than pejorative, terms.
Sorry for the interlude.