Thursday, July 4, 2013

Matasano Crypto Challenge

I recently finished Matasano Crypto Challenges and it was an interesting experience. I started doing them because @tqbf tweets with standings showed up in my tweet feed and made me feel competitive. Now I'm very glad I did them.

Update: competition is not running anymore. All exercises and official solutions are available on My solutions are written in java and stored in matasano-cryptopals-solutions github repository.

Crypto Challenges is a collection of 48 exercises that demonstrate attacks on real world ciphers and protocols. Exercises exploit both badly designed systems and subtle implementation bugs in theoretically rock solid crypto. Most importantly, they make you see how tricky the security can be and how much various details matter.

If you solved all exercises while the competition was running, Matasano donated 20$ to a charity.

They are all coding exercises and you do not need any prior knowledge of cryptography or security. An exercise may ask you to google and implement cipher, implement vulnerable system using that cipher or finally hack it. None of them was too hard and most have been interesting.

First sets are more time consuming and harder then later ones. If you already started, do not give up - it will get better.

It is a bit like trying to do homework if you did not bothered to go to lectures. You have to search the net for algorithms and learn on your own. One exercise even required us to "google for this article and implement attack it describes".

The most important thing I learned is that exploiting vulnerabilities can be easy. It is much much much easier then I previously thought. I came to conclusion that writing exploits like this should be part of standard CS education. It is easy to underestimate vulnerabilities or consider them theoretical until you see small life like system and suddenly crack it.

If you have some free time and want to learn a bit of security, you may respond to this challenge. It is worth it.


brown_panda said...

I became aware of these challenges today! Setting how the questions are no longer available, is it possible for you to share them?



Post a Comment