We’re really excited to be sharing a new set of challenges with you all, with puzzles contributed by CryptoHack as well as the community. One of our motivations for CryptoHack was to create an excuse to learn as much as we could, and we love having the opportunity to play your puzzles and learn new areas of maths and cryptography.

Halloween Challenges

Recently we’ve been playing the Ledger Donjon Capture the Fortress CTF as the CryptoHackers team. The competition focusses on challenge areas that we don’t often see in CTFs, such as side channel attacks and blockchain exploitation. This is our second group competition we’ve played, after CryptoCTF back in August (writeups). There’s still a week left in the competition and we’re working hard for the number one spot.

Ledger Donjon CTF

We also recently added a new careers feature to CryptoHack which we hope will be another way we can support our community. Companies are able to include job opportunities onto the site while players can get an understanding of how they can work with cryptography day-to-day. If you’re interested in using the careers feature to reach CryptoHack players, then please visit our FAQ for more information.

We want to say thank you to everyone who has started supporting CryptoHack using Patreon. We are very grateful and are putting this money into paying for server costs and looking forward to introducing new features to the site.

New Challenges

Here’s an intro to the new challenges that will be released tomorrow:

  • JWT Hacking Series (Crypto On The Web): We’re kicking off a whole new category about the practical use of cryptography on the web with a series on JSON Web Token hacking. Expect fast-paced challenges that will see you exploiting common mistakes made in website authorisation.
  • Jack’s Birthday Hash (Probability): To celebrate his birthday, Jack has developed a brand new hashing algorithm and needs you to help him look into just how cryptographically secure it is. This pair of puzzles will be developed into a series about the fundamentals of hash functions.
  • Logon Zero (Block Cipher Modes): It turns out that by reading old documentation about cryptography it’s possible to discover devastating exploits that affect the entire world. This challenge reveals the nuts and bolts of a now-famous block cipher mode misuse. Contributed by $in
  • Cofactor Cofantasy (Maths Brainteasers): For those who prefer the mathematical side of cryptography, we have another absorbing brainteaser which Robin and Thunderlord stumbled on while creating their last challenge. Contributed by Robin Jadoul and Thunderlord
  • RSA Backdoor Viability (RSA Primes): Following Fast Primes, this challenge explores a way to create RSA public keys that appear to be strong but can be cracked open if you do your research. Contributed by Joachim
  • Jeff’s LFSR (LFSRs): This begins a series of challenges about linear-feedback shift registers and their vulnerabilities when used in cryptography. This attack has a lovely intuition behind it. Contributed by Cryptanalyse