The Cryptopals Challenges

To me, cryptography was always something that sounded difficult, complex and required a lot of math to understand. Yet, I was interested in how crypto actually worked. How data gets thrown against an algorithm and suddenly becomes unreadable, which only could be made readable again by using the correct key or credentials.

During penetration tests against web apps, most of the time I come across some kind of encrypted data that is being used in various parameters. I always found it quite daunting to tackle these values and barely attempted to try and attack it, simply because I didn’t understand it enough.

Eventually, this lead me to do some googling on cryptography and this is how I stumbled on the Cryptopals challenges: a practical way of understanding and — most importantly — breaking certain crypto algorithms. I was surprised when I was reading the intro on their website and the authors mention that “most crypto is fatally broken”. I was hooked, this sounded so interesting and sparked my interest even further. And so, my adventure started to learn as much as possible on attacking cryptography.

The challenges require you to do a lot of scripting / coding. The authors mentioned that, while doing the Cryptopals challenges, it is a good way to learn a new language. As I was already quite fluent in Python, I decided to write my code in C#. I had no experience with C# before and I thought that it was a good idea to pick up a .NET language.

Small disclaimer: I’m not a developer. So please don’t judge me if you see any spaghetti code in my write-ups. The goal for me is to understand the concepts of crypto and being able to attack them. Not to write sleek and optimal code.

Below is a list of all the Cryptopals sets that I’ve completed. They include the solution for each challenge along with the code that I’ve used and a detailed explanation on my thought process.

Enjoy!