The big lie of computer security is that security improves by imposing complex passwords on users. In real life, people write down anything they can't remember. Security is increased by designing for the way humans actually behave. -Jakob Nielsen
The difficulty of this mission is rated as hard, but it is very simple if you know how to approach the problem.
Say hello to the encryption form!
The first step is to fool around and play with it. Enter some characters in the box and observe what happens. You will find that a lot of numbers are being generated. This implies that the code is numeric.
Enter exactly one character in the box, and do not enter a password for encryption. What do you observe? Let's have a look at what I get for the character 'a':
A weird triplet of numbers. Are the numbers being generated unique? Hit the encrypt button several times; you will find that different triplets are being generated every time. These are the triplets for three different encryptions (of 'a'):
So it is established that the encryption scheme does not necessarily produce the same triplet every time. Yet a decoder should be able to produce 'a' for every triplet, implying that there must be something in common among the triplets. Figuring out this commonality is the most important part of the mission. Once you have understood this, you should be able to reduce these triplets to a simpler numeric form.
The next step is understanding how the password affects the code.
Enter password 'a' for encrypting 'a'. This is what I got:
Reduce the triplet. What do you observe? Nothing? Do not worry. Enter 'b' as the password for encrypting 'a'. This is what I got:
Reduce the triplet once again. How much does it differ from the previous reduction? Are you able to see the relation between the plaintext, the password and the cipher text? Generalise this observation and test your theory with larger strings. At the end of this phase, you should fully understand the algorithm.
Take a look at the code you should decrypt:
The first step is to reduce the triplets to the simpler form. Since you have completed Phase 2, you should know how to extract the plaintext from this cipher if you are given the password. But the password is not available. Remember that your aim is not to find the password, but to break the code. You also know that the password's value contributes to all the characters in the code. If you manage to find a mapping between any character and its reduced form, you will have found the password's value. (I say 'any' character because the mappings are apparent if you've understood the encryption algorithm.)
The most unpleasant way of doing this is by mapping all ASCII values to any particular code and waiting for a readable message. You are sure to get the message within 255 trials because only 255 ASCII characters are present. This approach is commonly referred to as brute forcing. How about using some intelligence instead?
Which character in the original message is likely to have the smallest value? Let's map the smallest number in the reduced code to the smallest number you have thought of. If you know the algorithm, mapping the other ASCII values to the rest of the code should be trivial. Translate these ASCII values to their ASCII characters. Do you see the original message? Yes? Very good! You have completed the mission and can send this message to the person who requested it.
You see nonsense? Think more carefully about the smallest character. This character is not as obvious as one might expect. In the worst case, you can use brute force. I can assure you that you will arrive at your message pretty soon. Do you see the message now? Didn't even think of that character, huh? :)
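The two approaches above (trying every value, or guessing the smallest plaintext character) can be combined in a few lines. The following is an added example, not code from the original article or from HackThisSite. It assumes the triplets have already been reduced and that the password contributes one constant additive offset to every reduced value; the sample text, the offset 762 and all function names are constructed for illustration.

```python
import string

# Assumption: plaintext is printable ASCII, whitespace control characters included.
ALLOWED = set(string.printable)

def candidate_offsets(reduced):
    """Return (offset, text) for each guess of the smallest plaintext
    character that decodes every reduced value to an allowed character."""
    lowest = min(reduced)
    hits = []
    for guess in sorted(ALLOWED, key=ord):
        # Assumed relation: reduced value = character code + constant offset.
        offset = lowest - ord(guess)
        values = [r - offset for r in reduced]
        if all(0 <= v < 128 and chr(v) in ALLOWED for v in values):
            hits.append((offset, "".join(map(chr, values))))
    return hits

def readability(text):
    """Crude score: share of characters that are letters or spaces."""
    return sum(c.isalpha() or c == " " for c in text) / len(text)

def best_guess(reduced):
    """Pick the surviving candidate that looks most like English."""
    return max(candidate_offsets(reduced), key=lambda hit: readability(hit[1]))

# Constructed sample, not the mission's ciphertext or password value.
SAMPLE_TEXT = "Meet at noon. Bring the report."
SAMPLE_OFFSET = 762
SAMPLE_REDUCED = [ord(c) + SAMPLE_OFFSET for c in SAMPLE_TEXT]

if __name__ == "__main__":
    for offset, text in candidate_offsets(SAMPLE_REDUCED):
        print(offset, repr(text), round(readability(text), 2))
    print("best:", best_guess(SAMPLE_REDUCED))
```

Because the offset is the same for every character, anchoring on the smallest reduced value leaves only a handful of candidates that decode to printable text, which is why a per-message constant offers no real protection.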
HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.