Thursday, April 27, 2017

Cryptopals Set 2

  • Challenge 9 and 15 PKCS#7 padding -- the challenges do not make clear that if the final data fills its block exactly (e.g. there are 16 bytes of data remaining in the final 16-byte block), an additional block should be appended as padding.
  • Challenge 14 Byte-at-a-time ECB decryption -- this is indeed a harder variant of challenge 12, since a random number of bytes being prefixed to the attacker-controlled text means that the oracle is not always reliable. From previous challenges, however, we know that repeating blocks are encrypted identically in ECB mode. We can therefore prepend the attacker-controlled text with two repeating blocks, i.e. have the oracle encrypt (random prefix || repeating blocks || attacker-controlled text || target-bytes). If we observe repeating blocks, we know where our attacker-controlled text begins (as a wrapper around the oracle function, call this "smart oracle"). Assuming that the random number of bytes prefixed is uniformly distributed over integers with some upper boundary N, it will take roughly N times more calls to the oracle to achieve a desirable result... which is reasonable as it scales linearly. I'm still missing something as the smart oracle sometimes fails, but decryption generally works after a few tries.
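The full-block padding rule from the Challenge 9 and 15 note above, as an added example (not code from the original post). The function names and the `PaddingError` class are hypothetical, and the sample inputs are constructed.

```python
BLOCK_SIZE = 16  # AES block size in bytes


class PaddingError(ValueError):
    """Raised when a buffer does not end in valid PKCS#7 padding."""


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append PKCS#7 padding; always adds between 1 and block_size bytes."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be in 1..255")
    # If len(data) is already a multiple of block_size the remainder is 0,
    # so pad_len equals block_size: a whole extra block of padding.
    pad_len = block_size - (len(data) % block_size)
    return data + bytes([pad_len]) * pad_len


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Validate and strip PKCS#7 padding (the check Challenge 15 asks for)."""
    if not padded or len(padded) % block_size != 0:
        raise PaddingError("length is not a positive multiple of block size")
    pad_len = padded[-1]
    if not 1 <= pad_len <= block_size:
        raise PaddingError("pad length byte out of range")
    if padded[-pad_len:] != bytes([pad_len]) * pad_len:
        raise PaddingError("padding bytes do not all equal the pad length")
    return padded[:-pad_len]


def is_valid_padding(padded: bytes) -> bool:
    try:
        pkcs7_unpad(padded)
        return True
    except PaddingError:
        return False


if __name__ == "__main__":
    full = b"YELLOW SUBMARINE"        # exactly 16 bytes (constructed sample)
    tricky = b"A" * 15 + b"\x01"      # data that itself ends in 0x01
    print(pkcs7_pad(full))            # 16 data bytes + 16 bytes of 0x10
    # Without the extra block, the trailing 0x01 of `tricky` would be
    # indistinguishable from one byte of padding and would be stripped.
    print(pkcs7_unpad(pkcs7_pad(tricky)) == tricky)
```

The extra block is what makes unpadding unambiguous: the last byte of a padded buffer is always padding, never data.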

Saturday, April 22, 2017

Cryptopals Set 1

I have started working through the Cryptopals Challenges after hearing about it on a Podcast.__init__ episode. It seems like a good and practical refresher to Dan Boneh's Cryptography I class on Coursera (incidentally, I've been waiting for Cryptography II for many years but the course seems to be constantly pushed back). It should also be a good exercise to work through in F# -- as a means to learn more of the language -- after completing a first pass in Python.

Set 1 is fairly straightforward, though it took me a while to work out how to operate consistently on bytearrays (per the Cryptopals rules) and convert between different encodings (hex, base64, bytes represented as ints vs chars...). It seems that Python 3 makes the experience of working with bytes a little easier.


  • Challenge 3 Single-Byte XOR Cipher: most frequency distributions of characters in the English language that I found did not include non-alphabet characters, such as space. My solution did not work until space was included in the scoring of plaintext (using chi-squared).