matasano

Solutions to the Matasano (now NCC Group) crypto challenges (https://cryptopals.com).

Primary language: Go

Briefly, these are a collection of exercises that demonstrate attacks on real-world cryptography. The exercises are derived from weaknesses in real-world systems and modern cryptographic constructions, covering symmetric ciphers such as AES (in a variety of modes), padding schemes such as PKCS#7, random number generators, hashing algorithms, asymmetric ciphers such as DSA and RSA, a variety of famous attacks, and so on.

  • Problem set 1
    • Convert hex to base64 and back
    • Fixed XOR
    • Single-character XOR Cipher
    • Detect single-character XOR
    • Repeating-key XOR Cipher
    • Break repeating-key XOR
    • AES in ECB Mode
    • Detecting ECB
  • Problem set 2
    • Implement PKCS#7 padding
    • Implement CBC Mode
    • Write an oracle function and use it to detect ECB
    • Byte-at-a-time ECB decryption, Full control version
    • ECB cut-and-paste
    • Byte-at-a-time ECB decryption, Partial control version
    • PKCS#7 padding validation
    • CBC bit flipping
  • Problem set 3
    • The CBC padding oracle
    • Implement CTR mode
    • Break fixed-nonce CTR mode using substitutions
    • Break fixed-nonce CTR mode using stream cipher analysis
    • Implement the MT19937 Mersenne Twister RNG
    • "Crack" an MT19937 seed
    • Clone an MT19937 RNG from its output
    • Create the MT19937 stream cipher and break it
  • Problem set 4
    • Break "random access read/write" AES CTR
    • CTR bit flipping
    • Recover the key from CBC with IV=Key
    • Implement a SHA-1 keyed MAC
    • Break a SHA-1 keyed MAC using length extension
    • Break an MD4 keyed MAC using length extension
    • Implement HMAC-SHA1 and break it with an artificial timing leak
    • Break HMAC-SHA1 with a slightly less artificial timing leak
  • Problem set 5
    • Implement Diffie-Hellman
    • Implement a MITM key-fixing attack on Diffie-Hellman with parameter injection
    • Implement DH with negotiated groups, and break with malicious "g" parameters
    • Implement Secure Remote Password
    • Break SRP with a zero key
    • Offline dictionary attack on simplified SRP
    • Implement RSA
    • Implement an E=3 RSA Broadcast attack
  • Problem set 6
    • Implement Unpadded Message Recovery Oracle
    • Bleichenbacher's e=3 RSA Attack
    • DSA Key Recovery From Nonce
    • DSA Nonce Recovery From Repeated Nonce
    • DSA Parameter Tampering
    • Decrypt RSA From One-Bit Oracle
    • Bleichenbacher's PKCS 1.5 Padding Oracle (Simple Case)
    • Bleichenbacher's PKCS 1.5 Padding Oracle (Complete)

License

This work is released to the public domain.