Happy new year CryptoHackers! It’s almost time for us to release our next set of challenges, once again dominated by great community submissions.

First we’d like to call attention to our latest idea which is to produce a limited number of CryptoHack T-shirts. Jack has come up with a beautiful design which contains a famous cryptographic backdoor on the back (the Dual_EC_DRBG parameters):

[Image: CryptoHack T-shirt]

First of all, all our existing patrons who have signed up to our Patreon will get a T-shirt. All new patrons who donate over $5 per month will also get one.

Secondly, we want to reward people who have played in the successful CryptoHackers CTF team. CryptoHackers won $100 in the Ledger Donjon CTF which quickly became $160 in the current bull market for Bitcoin. This will pay for T-shirts for those who contributed to solving challenges in that CTF. We also want to reward participation by giving away free T-shirts to everyone who wrote a writeup for Crypto CTF 2020.

We will use the sponsorship money we’ve received from companies advertising on our careers portal to fund the shipping of the shirts. In fact, we’ve just added a new job posting for Gemini cryptocurrency exchange, who are hiring for 2 senior+ security developer positions, 2 senior+ appsec positions, and a junior security compliance position. Working to defend a cryptocurrency exchange would be a very exciting job in our opinion, so you should have a look if you or anyone you know might be interested.

Here is a guide to the sizing. Please let us know your sizing preference as soon as possible (by DM’ing Jack on Discord, or messaging us on Patreon), so we can order the correct number of shirts.

New Challenge Descriptions

  • Bruce Schneier’s Password (Password Complexity): these two fun challenges take an idea from our favourite meme Schneier Facts and run with it. Is even the mighty Bruce Schneier’s password crackable? Contributed by esrever
  • JSON in JSON (Crypto on the Web): The fresh JSON Web Token category gets bolstered by another typical web authentication vulnerability. Contributed by delta
  • L-Win (LFSR): Here is the next instalment of Cryptanalyse’s challenging but highly satisfying series on Linear Feedback Shift Register hacks; expect more to come. Contributed by Cryptanalyse
  • Oh SNAP (Block Ciphers): this attack on a once-popular stream cipher and network authentication technology is a blast from the past. Contributed by randomdude999
  • Mixed Up (Hashing): this brainteaser-style challenge focusses on elementary operations. Can you find a way to combine them to recover the flag? Contributed by giladk

We’ll also add some easy challenges on TLS if we have time, but they’ll probably have to wait for the next release. Either way, we plan to reorganise the site soon to break down the categories more and build a better difficulty progression for newcomers.

Current scoreboard:

[Image: CryptoHack Scoreboard 2021/01]

Congratulations to ndh, ENOENT, and timmy for solving the last set of challenges the fastest.