<-- Prev

Symmetric Cryptography

Next -->
  • Passwords as Keys
    50 pts · 5547 Solves · 31 Solutions
    It is essential that keys in symmetric-key algorithms are random bytes, instead of passwords or other predictable data. The random bytes should be generated using a cryptographically-secure pseudorandom number generator (CSPRNG). If the keys are predictable in any way, then the security level of the cipher is reduced and it may be possible for an attacker who gets access to the ciphertext to decrypt it.

    Just because a key looks like it is formed of random bytes, does not mean that it necessarily is. In this case the key has been derived from a simple password using a hashing function, which makes the ciphertext crackable.

    For this challenge you may script your HTTP requests to the endpoints, or alternatively attack the ciphertext offline. Good luck!

    Play at https://aes.cryptohack.org/passwords_as_keys

    You must be logged in to submit your flag.


Level Up

level up icon

You are now level Current level