/cryptopals

My solutions to the Matasano Crypto Challenges

Primary LanguageRustMIT LicenseMIT

My solutions to the Matasano Crypto Challenges

Execute

$ cargo test

Progress

Set 1: Basics

  • Challenge 1: Convert hex to base64
  • Challenge 2: Fixed XOR
  • Challenge 3: Single-byte XOR cipher
  • Challenge 4: Detect single-character XOR
  • Challenge 5: Implement repeating-key XOR
  • Challenge 6: Break repeating-key XOR
  • Challenge 7: AES in ECB mode
  • Challenge 8: Detect AES in ECB mode

Set 2: Block crypto

  • Challenge 9: Implement PKCS#7 padding
  • Challenge 10: Implement CBC mode
  • Challenge 11: An ECB/CBC detection oracle
  • Challenge 12: Byte-at-a-time ECB decryption (Simple)
  • Challenge 13: ECB cut-and-paste
  • Challenge 14: Byte-at-a-time ECB decryption (Harder)
  • Challenge 15: PKCS#7 padding validation
  • Challenge 16: CBC bitflipping attacks

Set 3: Block & stream crypto

  • Challenge 17: The CBC padding oracle
  • Challenge 18: Implement CTR, the stream cipher mode
  • Challenge 19: Break fixed-nonce CTR mode using substitutions
  • Challenge 20: Break fixed-nonce CTR statistically
  • Challenge 21: Implement the MT19937 Mersenne Twister RNG
  • Challenge 22: Crack an MT19937 seed
  • Challenge 23: Clone an MT19937 RNG from its output
  • Challenge 24: Create the MT19937 stream cipher and break it

Set 4: Stream crypto and randomness

  • Challenge 25: Break "random access read/write" AES CTR
  • Challenge 26: CTR bitflipping
  • Challenge 27: Recover the key from CBC with IV=Key
  • Challenge 28: Implement a SHA-1 keyed MAC
  • Challenge 29: Break a SHA-1 keyed MAC using length extension
  • Challenge 30: Break an MD4 keyed MAC using length extension
  • Challenge 31: Implement and break HMAC-SHA1 with an artificial timing leak
  • Challenge 32: Break HMAC-SHA1 with a slightly less artificial timing leak

Set 5: Diffie-Hellman and friends

  • Challenge 33: Implement Diffie-Hellman
  • Challenge 34: Implement a MITM key-fixing attack on Diffie-Hellman with parameter injection
  • Challenge 35: Implement DH with negotiated groups, and break with malicious "g" parameters
  • Challenge 36: Implement Secure Remote Password (SRP)
  • Challenge 37: Break SRP with a zero key
  • Challenge 38: Offline dictionary attack on simplified SRP
  • Challenge 39: Implement RSA
  • Challenge 40: Implement an E=3 RSA Broadcast attack

Set 6: RSA and DSA

  • Challenge 41: Implement unpadded message recovery oracle
  • Challenge 42: Bleichenbacher's e=3 RSA Attack
  • Challenge 43: DSA key recovery from nonce
  • Challenge 44: DSA nonce recovery from repeated nonce
  • Challenge 45: DSA parameter tampering
  • Challenge 46: RSA parity oracle
  • Challenge 47: Bleichenbacher's PKCS 1.5 Padding Oracle (Simple Case)
  • Challenge 48: Bleichenbacher's PKCS 1.5 Padding Oracle (Complete Case)

Set 7: Hashes

  • Challenge 49: CBC-MAC Message Forgery
  • Challenge 50: Hashing with CBC-MAC
  • Challenge 51: Compression Ratio Side-Channel Attacks
  • Challenge 52: Iterated Hash Function Multicollisions
  • Challenge 53: Kelsey and Schneier's Expandable Messages
  • Challenge 54: Kelsey and Kohno's Nostradamus Attack
  • Challenge 55: MD4 Collisions
  • Challenge 56: RC4 Single-Byte Biases

Set 8: Abstract Algebra

  • Challenge 57: Diffie-Hellman Revisited: Small Subgroup Confinement
  • Challenge 58: Pollard's Method for Catching Kangaroos
  • Challenge 59: Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks
  • Challenge 60: Single-Coordinate Ladders and Insecure Twists
  • Challenge 61: Duplicate-Signature Key Selection in ECDSA (and RSA)
  • Challenge 62: Key-Recovery Attacks on ECDSA with Biased Nonces
  • Challenge 63: Key-Recovery Attacks on GCM with Repeated Nonces
  • Challenge 64: Key-Recovery Attacks on GCM with a Truncated MAC