"Matasano" is one of my favorite words in Spanish, not for its meaning, but for how it sounds. Anyway, here is the meaning:
So, literally it means to "kill the healthy" and it is used to refer to doctors, usually in colloquially, rather than pejorative, terms.
Sorry for the interlude.
In-browser reverse engineering game.
I already wrote an emulator for the MSP430 from scratch just to try out an approach for the current challenge's final level.
And now you tell me the next one is going to be pretty intense.
Such as embedded processors, just to use an example that might be exactly the type of people who would find this challenge extra interesting.
Full disclosure: I did several of these, but the browser issue is probably what kept me from doing more. It did not run in my (admittedly outdated) browser of choice, so I had to do some Chrome wrangling, which was the opposite of fun.
Okay, if someone is hardware oriented and has never stepped outside the assembly and C world, then doing it from C isn't particularly convenient - but even with such background I would assume that most embedded processor people would know one of those scripting languages just to automate stuff in their development/testing workflow.
If your point is "that's not helpful for people who don't know how to use HTTP and JSON", I'm at a loss, because the problems Microcorruption wants you to solve are much, much harder than HTTP.
It gives me a lot of faith in humanity when people share their knowledge and expertise so altruistically. Really looking forward to going through these.
Feel free to join #cryptopals on Freenode :)
Will there be a way to automatically submit / advance, for those of us that would like to do them without encountering spoilers?
Edit: Of course I would solve this right after a post saying I can't. I was only looking at the (string, key) pairs which deciphered to all-printable plain text, but forgot that \r, \n, and \t count as printable ASCII characters.
In particular: virtually all of block cipher crypto and message authentication relies on straightforward math. (It would be different if our challenges covered poly MACs, but we don't have good examples of common flaws in poly MAC implementations).
I agree that the published sets of challenges don't really need much theory.
Later: I just read Ferguson, with the linear algebra.
Now, via a simple polynomial evaluation property, you have f(x) + g(x) = (f + g)(x). We know f and g --- those are the two ciphertexts being authenticated here, interpreted as polynomials --- and we know that the polynomial f + g - S_0 - S_1 must be 0 at H. From there it's a matter of finding the roots of this polynomial, one of which is H, and this is the mathematically complicated part of the attack. Though you can treat root-finding as a black-box, the keywords here are Berlekamp or Cantor-Zassenhaus.
(Hopefully I didn't get this too wrong, I'm handwaving here)
Thanks for crafting them, and thanks for posing them. Hopefully you guys got some great new hires out of it!
Great, I'm interested.
> Or do you mean "crypto issues specific to Clojure"? What would those be?
Ah, I see now that these challenges are more of the language-agnostic type, rather than a demo of platform quirks. I suppose that negates my previous comment. Thanks for posting the challenges!
Ruby should go up Wednesday. Tomorrow I know Python and C++ go up, and hopefully Haskell.
Also: do you have a set of Perl examples? If not, I'd be happy to put them together.
--interesting string output for challenge 1.
(except for the one problem in set 5 where they computed the hash of the ascii string representing the solution and I computed the hash of the actual number)
I did a couple of the matasano challenges in the past and there were a lot of music lyrics strewn all over the place.