Quick plug: set 8 is out. It's all about attacks on elliptic curves and GCM.<p>This set is huge. There's as much content as in any two or three other sets.<p>This set is tough. It's easily the toughest set so far. And there is some math. But it's fascinating stuff and (I hope) pretty approachable.<p>This set is OG cryptopals. That means we're (for now) distributing it via email. If you want to check it out, send a mail to set8.cryptopals@gmail.com with subject "Crazy Flamboyant for the Rap Enjoyment".
I am currently working through these in my (very rare) spare time as a means of learning Rust.<p>Forget project Euler or babby's first web server. This is an _excellent_ way to learn a new language, to learn a huge amount about crypto, and it's a huge amount of fun to boot. I cannot recommend them enough.
Fantastic! I've have to get to work on this.<p>And I already have two projects I haven't finished...<p>For those of you who <i>have</i> finished this, I'd reccomend checking out The Synacor Challenge, and The Advent of Code, both the work of the excellent Eric Wastl.<p>Bonus: I just discovered that we're getting a new Advent of Code this December. So even if you've already done last year's (if you haven't, there's still time!), stretch your fingers, because there's more coming down the pipe.
I had a great time doing these challenges, learnt a lot that I had forgotten about working with bytes and a raft of stuff I never knew about cryptography.<p>The only problem with a new huge set is I have a day job and a wife and kids, so I guess I will be working through these on the train and very late at night
I'm dying to finish these, but I had a <i>ton</i> of fun doing the first few sets. 1.6 was a total eye opener for me, not knowing any real crypto before, I naively thought if I used a long key, repeating key XOR would be a reasonable amount of protection against at least your boss or a few of your smart friends or whatever. Finding out that I could crack it in milliseconds with vanilla Python and that the key length barely matters, that was... educational.
By the way. NCC group (who was behind these challenges) is looking for a crypto intern for the next summer (2017). If you like cryptopals, we probably already like you :)<p>Check the internship challenges here: cryptoservices.github.io/challenges
<p><pre><code> But: it doesn't yet. If we waited to hit "publish" until
everything was here, we might be writing this in 2015.
</code></pre>
Ho ho.
It's really interesting to interact with problems that don't ever come up in the day job, I'm only part way through set 2 but this has taught me a huge amount already.<p>> People "know" this already, but they don't really know it in their gut, and we think the reason for that is that very few people actually know how to implement the best-known attacks.<p>I agree with them when they say it's important to teach implementations alongside theory. Despite knowing some theory behind cryptography seeing implementations come together is still an eye-opener. I guess it's like the difference between knowing orbital mechanics which is basically high school math and then playing kerbal space program and crashing rockets because while you could derive the functions every time it still takes some practical feel before things "click".<p>Only in this case you also get to break it all down again which is another level of satisfaction.
I can't recommend this enough. You'd be surprised how incredibly often you can spot vulnerabilities in real life code just because you wrote an exploit in this challenge.<p>I blogged about my run through the early sets a while back:<p><a href="https://lolware.net/2014/09/15/cryptochallenge.html" rel="nofollow">https://lolware.net/2014/09/15/cryptochallenge.html</a><p>Set eight however, is much more brutal (while still being fun). I've completed the first three and had to take a break. Looking forward to getting back at it.
This looks like a great idea to do with my distributed team: many of us are learning a new language for fun at the moment, from Erlang to Rust or Go and if we all create a private gist of our answers as we do them, we can date-stamp verify our proofs with each other as we all get through to the next level as a team. Thanks, you wonderful people who put this together!
I got stumped on this when trying to generate the finite fields for RSA in order to solve 1.7 and then getting discouraged. I'm not sure how deep to go on coding up solutions for these, as a lot of libraries will do most of the work for you but then you're not learning much. I guess go as deep as you can and then back off when it's untenable.
I loved diving into these as I was first learning Python. It's like a much more interesting version of those silly string manipulation tasks you get in CS101, except that instead of passing a course you break harder and harder crypto. Great fun :)
Does someone still have the original plaintext-formatted sets that you got by mail one by one? I prefer working off those, too bad I haven't kept them.