Concise Christmas Cryptography Challenges 2019


Last year we published some crypto challenges to keep you momentarily occupied from the festivities. This year, we’re doing the same. Whether you’re bored or just want to learn a bit more about the technologies that encrypt the internet, feel free to give these short cryptography quizzes a go.

We’re withholding answers until the start of the new year, to give you a chance to solve them without spoilers. Before we reveal the answers; if you manage to solve them, we’ll be giving the first 5 people to get the answers right some Cloudflare swag. Fill out your answers and details using this form so we know where to send it.

Have fun!

NOTE: Hints are below the questions, avoid scrolling too far if you want to avoid any spoilers.

Challenges

Client says Hello

Client says hello, as follows:

00000c07ac01784f437dbfc70800450000f2560140004006db58ac1020c843c
7f80cd1f701bbc8b2af3449b598758018102a72a700000101080a675bce16787
abd8716030100b9010000b503035c1ea569d5f64df3d8630de8bdddd1152e75f
528ae577d2436949ce8deb7108600004400ffc02cc02bc024c023c00ac009c0
08c030c02fc028c027c014c013c012009f009e006b0067003900330016009d
009c003d003c0035002f000a00af00ae008d008c008b010000480000000b
000900000663666c2e7265000a00080006001700180019000b0002010000
0d0012001004010201050106010403020305030603000500050100000000
001200000017000052305655494338795157524c656d6443436c5246574651
675430346754456c4f52564d674e434242546b51674e513d3d

[Raw puzzle without text wrap]

Time-Based One-Time Password

A user has an authenticator device to generate one time passwords for logins to their banking website. The implementation contains a fatal flaw.

At the following times, the following codes are generated (all in GMT/UTC):

  • Friday, 21 December 2018 16:29:28 – 084342
  • Saturday, 22 December 2018 13:11:53 – 411907
  • Tuesday, 25 December 2018 12:15:03 – 617041

What code will be generated at precisely midnight of the 1st of January 2019?

RPKI

At Cloudflare, we just setup RPKI: we signed a few hundred prefixes in order to reduce route leaks. But some of the prefixes hide a secret message. Find the ROAs that look different, decode the word!

Hints

Client says Hello

This challenge has 3 hints, as follows:

TOTP

The Time-Based One-Time Password Algorithm is described in RFC 6238, which was based of RFC4226 (providing an algorithm for HOTP). The TOTP algorithm requires input of two important parameters, the time and a shared secret – could one be missing?

The implementation used to generate the TOTP codes for the challenge uses SHA-1 as a digest algorithm.

RPKI

This challenge has 4 hints, as follows:

  • Hint #0: Four or six? Probably six.
  • Hint #1: If only there was a way of listing only our IPs!
  • Hint #2: What is the only part of the ROA where we can hide information into
  • Hint #3: Subtract the reserve, the char will show itself

Solutions

Stay tuned!

Interested in helping build a better internet and drive security online? Cloudflare is hiring.



Source link