Hello CryptoHackers! This week we’ll be releasing a new set of challenges, mostly made up of great community submissions. But first, a quick recap of what we’ve been up to in our mission to spread cryptography knowledge.

The main thing we’ve done recently was team up with HackTheBox for Cyber Apocalypse CTF 2021. We worked hard to write challenges which were fun and accessible for all players. We made detailed walkthroughs for them here. A huge number of players solved at least a few of these challenges, and we hope we’ve infected many new players with our love of cryptography!

As a community, we had our biggest success on social media yet with the blog post “Recovering a full PEM Private Key when half of it is redacted”. This was a fun effort from many people in the chat and was discussed on Twitter, Reddit, and several security newsletters.

We’re also collaborating with the Isogeny School, organised by Chloe Martindale and Christophe Petit, to create and share a set of dynamic exercises and CTF-like puzzles to support the virtual learning programme on isogeny-based cryptography. Registration for the school is open now and will run between July and September 2021.

Finally, in terms of the chat, Jack has been running a reading group looking at a different famous cryptography paper each week. We also brought on Robin Jadoul to the admin team; his patience in answering the questions of newcomers and in sharing his huge knowledge has been a big part of what’s made the CryptoHack Discord such an awesome community.

We would like to thank our Patreons for continued support. Our next goal is to reorganise the website in response to feedback we’ve received. For a start, unlike the way it started, the “block ciphers” / “AES” section now contains plenty of ciphers which are neither block ciphers nor AES! We will update all this content and also restructure it into more manageable chunks to make the learning experience better.

New Challenge Descriptions

  • SSH Keys (Data Formatting): Easy challenge that has a brief intro to SSH and describes how the keys are formatted.
  • Roll Your Own (Maths Brainteasers): Discrete logarithms seem like a great foundation for building a public key cryptosystem. What could go wrong? Contributed by mystiz.
  • Dancing Queen (Symmetric Ciphers): Daniel Bernstein’s next generation ciphers like ChaCha and Salsa are often praised for being more misuse-resistant compared to what came before. But are they resistant to being implemented incorrectly? Contributed by yaumn and Synacktiv.
  • The Matrix Trilogy (Diffie-Hellman): A set of three Diffie-Hellman key exchange challenges which focus on studying matrices over finite fields. Contributed by Jschnei.
  • Montgomery’s Ladder (ECC): This challenge kicks off a side channel attack stage for Elliptic Curve Cryptography, with a nice tutorial. Side channel attacks are a big concern of modern cryptography and something we’d like to explore more on CryptoHack.
  • Double and Broken (ECC): Similar to the previous challenge. We can’t say much more without giving the game away (perhaps the title already does).
  • Hash Stuffing (Hashing): Can you cause a collision in a simple custom hashing function?
  • LFSR Destroyer (LFSRs): Adding to Cryptanalyse’s set teaching how to break LFSRs is a challenge based on a similar construction to the GEA algorithms that were recently suggested to be deliberately backdoored. Contributed by Cryptanalyse.
  • RSA or HMAC Part 2 (Crypto on the Web): Here’s another JWT challenge, a trick which involves a little more work than the previous ones.

Current scoreboard

CryptoHack Scoreboard 2021/06

Congratulations to ndh, rkm0959, and pcback for solving the last set of challenges the fastest.