The matasano challenges

Posted by: Adam Gibson | in Cryptography | 2 years, 8 months ago | 0 comments

On the cryptopals website there is a list of cryptography coding challenges; originally they were hosted by matasano, so the name stuck (at least in my brain).

They're a kind of crash course in the basics of crypto in real world usage. And they're very nicely put together, as many can attest. I for one learnt a lot from them. You can see how popular they are on Github (and you can also see how many people didn't get anywhere near finishing them!).

I did (most of it) in February this year; at that time only the first 6 sets were up, and so I did those. The 7th has recently been added, and the 8th more recently (though not on the site). You can see my solution set here. There was no attempt to organize it prettily; just one Python module per challenge.

If you are somehow inspired to try them yourself, you might find, as I did with other github repos, that others' solutions give a useful sanity-check after you've finished each one.

What did I learn?

A lot of the issues that the challenges illustrate (although not all!) are kind of well known. Example: repeated nonces can be bad. But actually implementing attacks gives you a much richer understanding. Here are some things which I kind of sort of knew, but didn't really, until after these exercises.

  • ECB isn't just bad because of penguins! It is not really a block cipher mode, and using it as such, you will have a bad time.
  • Hamming distance is a very cool idea. It's the key to the first relatively hard challenge.
  • Use nonces correctly in things like CTR, or cry (OK, this one is obvious, plus I already said it...)
  • Padding oracles are a really, really nasty thing. The most sophisticated attacks in the sets are based around this idea.They can be bad (very) bad in CBC (the most famous TLS attacks were based around this: Beast, Lucky-13 etc. all started from the original idea of Vaudenay), and Bleichenbacher's attacks of the same type are equally disastrous.
  • The widely used Mersenne twister random number generator is profoundly cryptographically unsafe (duh?)
  • Daniel Bleichenbacher is your God

What is hard?

Not everyone's the same, but I think a few are more likely than not to slow you down.

Doubtless others too, that I forgot.


I read in a few places that people recommend using the challenges as a way to learn a new programming language. Hmm! What I'd say is that this kind of work is exactly where Python shines, as it's very good for quick-and-dirty (rather than architecturally thoughtful) algorithm implementation requiring a lot of data of different types. I hardly ever had to think about code while doing it, which helped a lot. As for dependencies, I managed to get by only with an AES implementation (slowaes) and Crypto.RSA (for generating primes; you implement RSA yourself). Of course, this hardly counts as a dis-recommendation of other languages :)

The most profound lesson of all...

I'm back and I'm ringin' the bell
A rockin' on the mike while the fly girls yell
In ecstasy in the back of me
Well that's my DJ Deshay cuttin' all them Z's
Hittin' hard and the girlies goin' crazy
Vanilla's on the mike, man I'm not lazy.

Only matasano vets would understand :)

Current rating: 5


There are currently no comments

New Comment


required (not published)