See how that entry says "usu. with negative or in questions"? The usage in this case is neither negative nor a question, and so many, like the gp and myself, found it confusing.
I did the first set and loved it. Are you running much of a backlog? I sent that in about two days ago.
Actually, looks like an email mixup. I didn't reply directly to the more recent email and composed a fresh mail to us@cryptopals.com which doesn't work (although I did CC the other address as requested). Just forwarded my submission.
I sent in my request a few minutes after this went live, still waiting. :(
They must have a huge spike in requests to go through, plus the people completing sets 1 and 2. I would expect waiting times to drop as fewer people complete the advanced sets.
I'm a third of the way through these and they're really entertaining. I am going to recommend them to my colleagues at the next weekly meeting.
I "knew" some of the attacks were possible, but had no real idea of how to go about exploiting them "for real". This course works you through practical applications (and I found it to be pitched at an almost perfect level: it moves fast enough to be interesting, but not so fast you get lost).
They're quite meaty. Doing one email (out of the 6) takes at least a day for me (but there's also some slack; you've got quite a bit of freedom and I think you could spend more or less time, depending on exactly what you choose to do).
I haven't needed any deep technical knowledge or hard maths (but I already knew, for example, what a "block cipher" was and what "modes of operation" were, even if I couldn't tell you which did what without looking at Wikipedia). The hardest part has just been "bookkeeping" in the code: tracking which offset in the array of data I am modifying, etc. The usual programming details.
So this is for interested amateurs. I don't think the NSA is going to be very excited learning who has completed the course...
(Also, fwiw, I'm using Python 3.3 (the new "yield from" is very useful when writing code that modifies sequences) and it's plenty fast enough so far.)
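The "offset bookkeeping" the commenter describes is most of the work in attacks on block-cipher modes, so here is an added example of the kind of code involved (not from the thread, and not Matasano's challenge code). It walks CBC ciphertext with `yield from`, maps a desired plaintext change at offset `i` to the ciphertext byte at `i - blocksize`, and verifies the flip after decryption. The block cipher is a stand-in keyed byte permutation (assumed, not AES); CBC's malleability does not depend on the cipher, so the offset arithmetic is identical for a real one. The message and key are constructed.

```python
# Added example: CBC-mode offset bookkeeping with Python 3.3's "yield from".
# The block cipher below is a STAND-IN keyed byte permutation, not AES.
import random

BLOCK = 16


def make_sbox(key: bytes):
    """Stand-in block cipher: derive a byte permutation (and its inverse) from the key."""
    table = list(range(256))
    random.Random(key).shuffle(table)          # deterministic for a given key
    inv = [0] * 256
    for i, v in enumerate(table):
        inv[v] = i
    return bytes(table), bytes(inv)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes, size: int = BLOCK):
    """Yield fixed-size slices so callers never re-derive block offsets by hand."""
    if len(data) % size:
        raise ValueError("input must be a whole number of blocks")
    for i in range(0, len(data), size):
        yield data[i:i + size]


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    sbox, _ = make_sbox(key)
    prev, out = iv, bytearray()
    for blk in blocks(pt):
        prev = bytes(sbox[b] for b in xor(blk, prev))   # C[i] = E(P[i] ^ C[i-1])
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    _, inv = make_sbox(key)
    prev, out = iv, bytearray()
    for blk in blocks(ct):
        out += xor(bytes(inv[b] for b in blk), prev)     # P[i] = D(C[i]) ^ C[i-1]
        prev = blk
    return bytes(out)


def edits_for(target: dict, size: int = BLOCK) -> dict:
    """Turn desired plaintext changes {pt_offset: (old, new)} into ciphertext
    XOR masks. Because P[i] = D(C[i]) ^ C[i-1], flipping bits in byte j of the
    previous ciphertext block flips the same bits in byte j of this plaintext
    block (and scrambles the previous plaintext block as a side effect)."""
    masks = {}
    for off, (old, new) in target.items():
        if off < size:
            raise ValueError("first block is controlled by the IV, not by C")
        masks[off - size] = old ^ new
    return masks


def patched(ct: bytes, masks: dict):
    """Rewrite a byte sequence, delegating per-block work via yield from."""
    def patch_block(n, blk):
        base = n * BLOCK
        for j, b in enumerate(blk):
            yield b ^ masks.get(base + j, 0)
    for n, blk in enumerate(blocks(ct)):
        yield from patch_block(n, blk)


def demo() -> bytes:
    """Flip 'admin=false;' to 'admin=true;;' without knowing the key."""
    key, iv = b"stand-in key", bytes(range(BLOCK))
    pt = b"comment=hello;admin=false;xxxxxx"        # constructed, exactly 2 blocks
    ct = cbc_encrypt(key, iv, pt)
    want = b"true;;"                                # pt[20:26] is b"false;"
    target = {20 + i: (pt[20 + i], want[i]) for i in range(len(want))}
    ct2 = bytes(patched(ct, edits_for(target)))     # edits land in ct offsets 4..9
    return cbc_decrypt(key, iv, ct2)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows block 1 decrypting to `min=true;;xxxxxx` while block 0 is damaged only at the offsets whose masks were non-zero, which is the bookkeeping the attack has to get right.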
> so this is for interested amateurs - i don't think the nsa is going to be very excited learning who has completed the course...
Yes. Though: I studied cryptography as part of mathematics in university, and while we studied much more sophisticated attacks and ways to break your ciphers, we never actually ended up coding up the breaks, even for comparatively trivial attacks.
What's an example of a sophisticated class of attacks we have poor coverage on? (If you like, mail me directly; we're not publishing exactly what the challenges are).
I'd appreciate leads on places we should expand our coverage. Sean is already working on set 7, and we're pulling attacks out of the recent literature to do that.
Do you have anything on certificate verification? Not that I actually know anything about it, but.. here, I think these words from Moxie Marlinspike about sum it up:
"I’m not actually a supporter of the general adage “never roll your own crypto.” I believe that cryptography is a fairly closed system, and that it’s relatively straightforward to learn how to carefully use cryptographic primitives to build protocols securely. Certificate validation, on the other hand, is something that I would recommend people avoid doing themselves, if possible. It’s mired in cruft and gotchas."[1]
Moxie covers a few examples in the link, but it would be interesting to see some more along those lines.
I think very highly of Marlinspike, and he is clearly smarter than I am, but he is wrong on this point. No, one thing I will say about our challenges: we don't spend time on certificate parsing. We thought about it, but decided people were unlikely to run into a lot of new X.509 implementations that can't handle a NUL byte (and things like that), at least not as likely as the other bugs we showcase.
Edit: I read this comment out of context. Sorry. Obviously, I asked for examples of flaws we could cover. Thanks for offering one up.
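The "can't handle a NUL byte" bug tptacek mentions is worth seeing in code, so here is an added example (not from the thread, and not anyone's real validator). A DER string carries an explicit length, so a subject name can legally contain 0x00; a validator that copies that name into a C string and compares with `strcmp`-style logic stops at the NUL and only checks the prefix. The `cstring_match` function below models that bug in Python; `length_aware_match` is the check a practitioner would want. The certificate name is constructed.

```python
# Added example: an X.509 subject name with an embedded NUL, compared two ways.
# 0x0C is the DER tag for UTF8String; the length octet, not a NUL, ends the value.


def der_string(tag: int, value: bytes) -> bytes:
    """Encode a short DER TLV (definite form, single-byte length < 128)."""
    if len(value) >= 128:
        raise ValueError("long-form lengths are not handled in this example")
    return bytes([tag, len(value)]) + value


def parse_der_string(buf: bytes):
    """Return (tag, value), honouring the length octet rather than NUL termination."""
    if len(buf) < 2:
        raise ValueError("truncated TLV")
    tag, length = buf[0], buf[1]
    if length >= 128:
        raise ValueError("long-form lengths are not handled in this example")
    if 2 + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[2:2 + length]


def cstring_match(cn: bytes, host: bytes) -> bool:
    """Models a validator that hands the CN to C-string routines: everything
    after the first NUL is invisible to the comparison."""
    return cn.split(b"\x00", 1)[0] == host


def length_aware_match(cn: bytes, host: bytes) -> bool:
    """Compare the whole DER value and reject embedded NULs outright."""
    return b"\x00" not in cn and cn == host


def check(cert_cn_tlv: bytes, host: bytes):
    """Return (buggy_result, correct_result) for one certificate name."""
    _, cn = parse_der_string(cert_cn_tlv)
    return cstring_match(cn, host), length_aware_match(cn, host)


# Constructed sample: a CN whose suffix the attacker legitimately controls.
CRAFTED = der_string(0x0C, b"www.bank.example\x00.attacker.example")
HONEST = der_string(0x0C, b"www.bank.example")

if __name__ == "__main__":
    print("crafted:", check(CRAFTED, b"www.bank.example"))   # buggy accepts, correct rejects
    print("honest: ", check(HONEST, b"www.bank.example"))
```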
I've only just started the first 8 of the series of challenges. (Thanks!)
One thing I remember breaking (in theory) in university was a crypto-system based on the knapsack problem. But it is not in use in practice (because it has been broken). I don't know whether you included it.
If you can point me to a university curriculum (and, especially, a syllabus) that has hugely better coverage of practical attacks on cryptographic implementations, I'd be interested in seeing it.
Nobody is going to come out of these challenges qualified to pick SHA-4 or AES-ng, or for that matter, prepared to design a new cipher or even a novel crypto construction. That's not the point of the challenges.
But we're covering what I think might be an odd corner of cryptography. Our approach to crypto is from a software security perspective. In a similar sense as a 2013 software security researcher might be able to tell you a great deal about how Javascript objects are allocated in a browser but not have any idea about best practices for organizing actual working Javascript code, we're covering an idiosyncratic set of implementation details but leaving all the theory out --- not least because we don't have the theory background.
> If you can point me to a university curriculum (and, especially, a syllabus) that has hugely better coverage of practical attacks on cryptographic implementations, I'd be interested in seeing it.
Me, too. The courses I took were much more theoretical--lots and lots of number theory. I enjoyed them, and I enjoy your challenges, too.
The theory is fun, and I learned enough to understand some interesting attacks, but at the level of courses I studied the material at, we did not come up with any new attacks.
The distinction is a bit like theoretical computer science versus actually writing a programme.
P.S. I'll look through material from my old university and see if I can find anything interesting.
'People "know" this already, but they don't really know it in their gut, and we think the reason for that is that very few people actually know how to implement the best-known attacks. So, mail us, and we'll give you a tour of them.'
As Hegel said, "The familiar is not understood precisely because it's familiar." Das Bekannte überhaupt ist darum, weil es bekannt ist, nicht erkannt.
I live this every day as a teacher. Students believe they understand, say, linked lists because they can recite all sorts of Linked List Facts™. It's not until you put them in front of a problem with a linked-list-shaped hole that they truly come to understand (erkennen).
Ain't that the truth. And (if you're doing it right), the older you get the more holes you spot. And, in filling those holes, keep collecting the lightbulbs from over your head when the "erkennen" mallet strikes.
He was quoting me quoting Hegel, talking about the relationship between familiarity and understanding.
Unfortunately English doesn't have the precise distinction that German does, so the translation is a little confusing. To an English speaker "familiar", "known", and "understood" are almost synonymous.
It's great to see a company doing something like this and getting involved in the community this way. I took Dan Boneh's class on Cryptography some time last year, so I've sent these guys an email and I will see what I can manage.
I just started doing these and am very much enjoying it so far despite not being much of a programmer (and never having done any crypto before!). I spent a good Saturday afternoon doing the first 8, though I have to confess problem 4 seems to be confounding me despite having easily found the answer to problem 3 :( and whatever bug I have in problem 4 also means my problem 6 isn't working either. And sadly I have to get back to my real work now it's Monday again!
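The commenter does not say what problems 3, 4 and 6 are, so the mapping used here is an assumption based on the set 1 that was later published: 3 recovers a single-byte XOR key by frequency scoring, 4 picks the one XOR-encrypted line out of a file of decoys, and 6 breaks repeating-key XOR by running the single-byte solver on each key-position column (which is consistent with a bug in 4 also breaking 6). Under that assumption, here is an added example showing all three pieces together; it is not code from the thread or from Matasano, and the plaintexts, the key and the decoy lines are constructed.

```python
# Added example: single-byte XOR scoring, detection among decoys, and the
# repeating-key break that reuses the same scorer. Problem numbering assumed.
import random
from itertools import cycle

# Approximate English letter frequencies (percent), with space added.
FREQ = {
    'a': 8.2, 'b': 1.5, 'c': 2.8, 'd': 4.3, 'e': 12.7, 'f': 2.2, 'g': 2.0,
    'h': 6.1, 'i': 7.0, 'j': 0.15, 'k': 0.77, 'l': 4.0, 'm': 2.4, 'n': 6.7,
    'o': 7.5, 'p': 1.9, 'q': 0.095, 'r': 6.0, 's': 6.3, 't': 9.1, 'u': 2.8,
    'v': 0.98, 'w': 2.4, 'x': 0.15, 'y': 2.0, 'z': 0.074, ' ': 13.0,
}


def english_score(text: bytes) -> float:
    """Higher is more English-like; unprintable bytes are heavily penalised,
    which is what separates the right key from the rest on short inputs."""
    score = 0.0
    for b in text:
        c = chr(b).lower()
        if c in FREQ:
            score += FREQ[c]
        elif not (b in (9, 10, 13) or 32 <= b < 127):
            score -= 20.0              # control or high byte: strong evidence against
    return score


def xor_single(data: bytes, k: int) -> bytes:
    return bytes(b ^ k for b in data)


def break_single_xor(ct: bytes):
    """Problem-3 style: try all 256 keys, return (score, key, plaintext) of the best."""
    return max((english_score(xor_single(ct, k)), k, xor_single(ct, k))
               for k in range(256))


def detect_single_xor(lines):
    """Problem-4 style: score every line under its own best key. Decoy lines
    score badly under every key because most bytes stay unprintable."""
    scored = [(break_single_xor(ct), i) for i, ct in enumerate(lines)]
    (score, key, pt), idx = max(scored)
    return idx, key, pt


def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def guess_keysize(ct: bytes, lo: int = 2, hi: int = 40, nblocks: int = 4) -> int:
    """Normalised Hamming distance between leading blocks is lowest at the true
    key size or a multiple of it; treat the result as a candidate to verify."""
    def norm(ks):
        chunks = [ct[i * ks:(i + 1) * ks] for i in range(nblocks)]
        pairs = [(chunks[i], chunks[j]) for i in range(nblocks)
                 for j in range(i + 1, nblocks)]
        return sum(hamming(a, b) for a, b in pairs) / (len(pairs) * ks)
    return min(range(lo, min(hi, len(ct) // nblocks) + 1), key=norm)


def break_repeating_xor(ct: bytes, keysize: int = None):
    """Problem-6 style: transpose into keysize columns; each column is a
    single-byte XOR problem, so a bug in break_single_xor shows up here too."""
    ks = keysize or guess_keysize(ct)
    key = bytes(break_single_xor(ct[i::ks])[1] for i in range(ks))
    return key, bytes(b ^ k for b, k in zip(ct, cycle(key)))


# Constructed sample data (not the challenge's inputs).
PLAIN = (b"The quick brown fox jumps over the lazy dog while the band plays "
         b"on and the crowd, having waited all afternoon in the sun, finally "
         b"drifts home along the river in the cooling evening air, talking "
         b"quietly about nothing in particular and everything at once.")
KEY = b"ICE!"
NEEDLE = b"attack at dawn, bring the codebooks"


def make_haystack(seed: int = 1, n: int = 20, length: int = 30):
    """Random decoy lines with one single-byte-XOR line inserted at index 7."""
    rng = random.Random(seed)
    lines = [bytes(rng.getrandbits(8) for _ in range(length)) for _ in range(n)]
    lines.insert(7, xor_single(NEEDLE, 0x5A))
    return lines


if __name__ == "__main__":
    print(detect_single_xor(make_haystack()))
    ct = bytes(b ^ k for b, k in zip(PLAIN, cycle(KEY)))
    print(break_repeating_xor(ct, keysize=len(KEY)))
```

The usual problem-4 failure is a scorer that is happy with any printable garbage; penalising unprintable bytes and rewarding frequent letters and spaces is enough for the detection to become unambiguous, and the same function is then reused unchanged for the per-column breaks in problem 6.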
Much better than it was on Friday when the first story hit (none of this was automated on Friday), but still on human-scale time. Minutes to multiple hours. When did you send your mail to us? If it was any time before this afternoon, you should have already seen mail from us; check your spam filter.
About 1 out of every ~200 people we mail refuses the mail (at SMTP) for one reason or another, so if you're running your own email server, make sure it'll accept mail from MATASANOCRYPTOPALS.COM --- note that's not the domain you sent to.
Sent it on Friday. Unless you didn't RE:, it shouldn't have been spammed, but I have a habit of emptying my spam folder without ever looking at the contents, so we'll never know.