Security Month on DevCentral: Challenge #1
As we highlight security on DevCentral this month, we wanted to pose a fun security challenge to exercise those brain cells a little bit. Today's challenge focuses on cryptography. The object of this challenge is to figure out a plaintext message given some ciphertext and clues.
The plaintext message for today's challenge was encrypted using a one-time-pad encryption method to generate the ciphertext.
The pad is a series of letters that are formed from a unique message based on a DES Challenge from several years ago. These DES Challenges were a series of brute force attack contests created by RSA Security to highlight the lack of security provided by the Data Encryption Standard (DES). The object of these challenges was to find the encryption key and use it to decrypt the ciphertext into a plaintext message. The first challenge began in 1997 and was solved in 96 days by the DESCHALL Project. The next challenge, "DES Challenge II-1" was solved by distributed.net in early 1998. Then, "DES Challenge II-2" was solved in July 1998. Finally, "DES Challenge III" was released and solved in January 1999.
The pad for today's challenge is the plaintext message from the DES Challenge II-1. The plaintext message from the DES Challenge included a colon in the middle of the message and a period at the end, but the pad for today's challenge removes the colon and the period (i.e. removes all non-letter characters). Further, to get today's pad, you'll need to move all the letters to lowercase and also remove all spaces.
For example, if the plaintext message from that challenge was, "Plaintext: Hello World." then the pad for today's challenge would be: plaintexthelloworld
The ciphertext for today's challenge is: wlzuipkvtxvguky
The challenge? Find the plaintext message.
Get it? Got it? Go!
Use the comments below to post the plaintext message, and feel free to tell us the method you used to solve the challenge!
- ltwagnonRet. Employee
Nicely done @michael molho!!
- michael_molho_2Nimbostratus
Here is how I did :
The description said the text was encrypted with the one-time-pad encryption method, using the plaintext message of the DES Challenge II-1 as pad : "The secret message is: Many hands make light work." (Google is your friend). Removing all the non-letter chars : "thesecretmessageismanyhandsmakelightwork".
Ok but the ciphertext is 15 chars long and the pad is 40 chars long. The decryption routine must be done with a pad as long as the ciphertext. So I decided to script (Python is my friend) a code which tries to decrypt the ciphertext using a substring (15 chars long) of the pad :
- Try 1 : 'thesecretmessag'
- Try 2 : 'hesecretmessage'
- Try 3 : 'esecretmessagei'
- etc ...
On each attempt, the script displays the decrypted text and ask for continuation.
As the decryption routing itself, I used the most simple one :
- Each letter is changed on its position on the alphabet (A=0, B=1, C=3 ...)
- decrypted[x] = alphab_index[ciphertext[i]] - alphab_index[pad[i]] % 26
Here is the script I wrote :
import sys import string Variables key = "thesecretmessageismanyhandsmakelightwork" ciphertxt = "wlzuipkvtxvguky" Return the position in the alphabet def alph_index(letter): return string.lowercase.index(letter) Loop with a sliding window over "key" (length must be the same as ciphertxt) for shift in range(0, len(key) - len(ciphertxt)): key_tmp = key[shift:shift+len(ciphertxt)] sliding window used as decryption key i = 0 res = "" print "\nTrying to decrypt with key '{}'".format(key_tmp) Decryption routing with the current key while i < len(ciphertxt): tmp = (alph_index(ciphertxt[i]) - alph_index(key_tmp[i])) % 26 c = string.lowercase[tmp] res += c i += 1 Show the decrypted text to the user, asking or continuation loop = raw_input("Result = '{}'. Does this look good ? (y/n)".format(res)) if loop != "n": break print "\nWell done :)\n"
And here is the result :
Trying to decrypt with key 'thesecretmessag' Result = 'devcentralrocks'. Does this look good ? (y/n) Well done :)
- ltwagnonRet. Employee
Thanks for participating @michael molho! Keep up the great work, and feel free to share the method in the next few days after others have had a chance to play as well. It's always very interesting to see how people solved the challenge!
- michael_molho_2Nimbostratus
devcentralrocks ! I'm not sharing the method yet, the others players can keep playing :)