Delan Azabani

Matasano Crypto Challenges

Matasano Security, founded by leading Hacker News user Thomas Ptacek, is running an email-based cryptography exercise suite. Perhaps it's a hiring tool, or a survey of programmer competency, but either way it's definitely very educational.

Just over a week ago, reading Maciej Cegłowski's experience completing the challenges inspired me to look into improving my crypto skills beyond the near zero I have now. Sure I can, for instance, retell some oft-repeated best and worst practices for storing passwords, but there's no way I could design a cryptosystem that's more secure than a wicker basket.

Cegłowski reflects how I feel to the bit:

Much of what I know (or think I know) about security has come from reading tptacek's comments on Hacker News, so I was intrigued when I first saw him mention the security challenges a few months ago. At the same time, I worried that I'd be way out of my depth attempting them.

I've just started the first set of eight problems, and it doesn't look too far-fetched yet. Relevant concepts like base64, XOR, simple cipher modes and (using) AES seem reasonably familiar, if not things I've worked with before.

Right now, I'm agonising over the elegance of my code, whether I should do everything in C or $LANGUAGE or pick up a new language for each exercise just for fun, and various other ways I can impress the real human eyeballs that are going to read my code. I suspect that soon, I won't be able to; after all, they are challenges.

You should do it too, if only purely for the fun. Simply email to start. The challenges probably won't run forever, and the hardest part is keeping your solutions to yourself.