Cryptopals

Cryptopals challenge solutions in Python. Find the challenges at cryptopals.com.

Set 1 - Basics

• Challenge 01: Convert Hex to Base64
• Challenge 02: Fixed XOR
• Challenge 03: Single-Byte XOR Cipher
• Challenge 04: Detect Single-Byte XOR
• Challenge 05: Implement Repeating-Key XOR
• Challenge 06: Break Repeating-Key XOR
• Challenge 07: AES in ECB Mode
• Challenge 08: Detect AES in ECB Mode

Set 2 - Block Crypto

• Challenge 09: Implement PKCS#7 Padding
• Challenge 10: Implement AES in CBC Mode
• Challenge 11: An ECB/CBC Detection Oracle
• Challenge 12: Easy Byte-at-a-Time ECB Decryption
• Challenge 13: ECB Cut-and-Paste
• Challenge 14: Hard Byte-at-a-Time ECB Decryption
• Challenge 15: PKCS#7 Padding Validation
• Challenge 16: CBC Bitflipping Attacks

Set 3 - Block and Stream Crypto

• Challenge 17: The CBC Padding Oracle
• Challenge 18: Implement CTR, the Stream Cipher Mode
• Challenge 19: Break Fixed-Nonce CTR Using Substitutions
• Challenge 20: Break Fixed-Nonce CTR Statistically
• Challenge 21: Implement the MT19937 Mersenne Twister RNG
• Challenge 22: Crack an MT19937 Seed
• Challenge 23: Clone an MT19937 RNG From Its Output
• Challenge 24: Create the MT19937 Stream Cipher and Break It

Set 4 - Stream Crypto and Randomness

• Challenge 25: Break 'random access read/write' AES CTR
• Challenge 26: CTR Bitflipping
• Challenge 27: Recover the Key From CBC With IV=Key
• Challenge 28: Implement a SHA-1 Keyed MAC
• Challenge 29: Break a SHA-1 Keyed MAC Using Length Extension
• Challenge 30: Break an MD4 Keyed MAC Using Length Extension
• Challenge 31: Implement and Break HMAC-SHA1 With an Artificial Timing Leak
• Challenge 32: Break HMAC-SHA1 With a Slightly Less Artificial Timing Leak

Set 5 - Diffie-Hellman and Friends

• Challenge 33: Implement Diffie-Hellman
• Challenge 34: Implement a MITM Key-Fixing Attack on Diffie-Hellman With Parameter Injection
• Challenge 35: Implement DH With Negotiated Groups, and Break With Malicious 'g' Parameters
• Challenge 36: Implement Secure Remote Password (SRP)
• Challenge 37: Break SRP With a Zero Key
• Challenge 38: Offline Dictionary Attack On Simplified SRP
• Challenge 39: Implement RSA
• Challenge 40: Implement an E=3 Broadcast Attack

Set 6 - RSA and DSA

• Challenge 41: Implement Unpadded Message Recovery Oracle
• Challenge 42: Bleichenbacher's E=3 RSA Attack
• Challenge 43: DSA Key Recovery From Nonce
• Challenge 44: DSA Nonce Recovery From Repeated Nonce
• Challenge 45: DSA Parameter Tampering
• Challenge 46: RSA Parity Oracle
• Challenge 47: Simple Bleichenbacher's PKCS 1.5 Padding Oracle
• Challenge 48: Complete Bleichenbacher's PKCS 1.5 Padding Oracle

Set 7 - Hashes

• Challenge 49: CBC-MAC Message Forgery
• Challenge 50: Hashing With CBC-MAC
• Challenge 51: Compression Ratio Side-Channel Attacks
• Challenge 52: Iterated Hash Function Multicollisions
• Challenge 53: Kelsey and Schneier's Expandable Messages
• Challenge 54: Kelsey and Kohno's Nostradamus Attack
• Challenge 55: MD4 Collisions
• Challenge 56: RC4 Single-Byte Biases

Set 8 - Abstract Algebra

• Challenge 57: Diffie-Hellman Revisited - Small Subgroup Confinement
• Challenge 58: Pollard's Method for Catching Kangaroos
• Challenge 59: Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks
• Challenge 60: Single-Coordinate Ladders and Insecure Twists
• Challenge 61: Duplicate-Signature Key Selection in ECDSA and RSA
• Challenge 62: Key-Recovery Attacks on ECDSA with Biased Nonces
• Challenge 63: Key-Recovery Attacks on GCM with Repeated Nonces
• Challenge 64: Key-Recovery Attacks on GCM with a Truncated MAC