A place to work through the CryptoPals challenges in Rust to hopefully learn things along the way!
✅ Set 1, basics
✅ Set 2, block ciphers
✅ Set 3, more block ciphers
- ✅ 17. The CBC padding oracle src
- ✅ 18. Implement CTR, the stream cipher mode src
- ✅ 19. Break fixed-nonce CTR mode using substitutions src
- ✅ 20. Break fixed-nonce CTR statistically src
- ✅ 21. Implement the MT19937 Mersenne Twister RNG src
- ✅ 22. Crack an MT19937 seed src
- ✅ 23. Clone an MT19937 RNG from its output src
- ✅ 24. Create the MT19937 stream cipher and break it src
✅ Set 4, even more block ciphers
- ✅ 25. Break "random access read/write" AES CTR src
- ✅ 26. CTR bitflipping src
- ✅ 27. Recover the key from CBC with IV=Key src
- ✅ 28. Implement a SHA-1 keyed MAC src
- ✅ 29. Break a SHA-1 keyed MAC using length extension src
- ✅ 30. Break an MD4 keyed MAC using length extension src
- ✅ 31. Implement and break HMAC-SHA1 with an artificial timing leak src
- ✅ 32. Break HMAC-SHA1 with a slightly less artificial timing leak src
✅ Set 5, Diffie-Hellman and friends
- ✅ 33. Implement Diffie-Hellman src
- ✅ 34. Implement a MITM key-fixing attack on Diffie-Hellman with parameter injection src
- ✅ 35. Implement DH with negotiated groups, and break with malicious "g" parameters src
- ✅ 36. Implement Secure Remote Password (SRP) src
- ✅ 37. Break SRP with a zero key src
- ✅ 38. Offline dictionary attack on simplified SRP src
- ✅ 39. Implement RSA src
- ✅ 40. Implement an E=3 RSA Broadcast attack src
✅ Set 6, RSA and DSA
- ✅ 41. Implement unpadded message recovery oracle src
- ✅ 42. Bleichenbacher's e=3 RSA Attack src
- ✅ 43. DSA key recovery from nonce src
- ✅ 44. DSA nonce recovery from repeated nonce src
- ✅ 45. DSA parameter tampering src
- ✅ 46. RSA parity oracle src
- ✅ 47. Bleichenbacher's PKCS 1.5 Padding Oracle (Simple Case) src
- ✅ 48. Bleichenbacher's PKCS 1.5 Padding Oracle (Complete Case) src
✅ Set 7, Hashes
- ✅ 49. CBC-MAC Message Forgery src
- ✅ 50. Hashing with CBC-MAC src
- ✅ 51. Compression Ratio Side-Channel Attacks src
- ✅ 52. Iterated Hash Function Multicollisions src
- ✅ 53. Kelsey and Schneier's Expandable Messages src
- ✅ 54. Kelsey and Kohno's Nostradamus Attack src
- ✅ 55. MD4 Collisions src
- ✅ 56. RC4 Single-Byte Biases src
Set 8, Abstract algebra
- ✅ 57. Diffie-Hellman Revisited: Small Subgroup Confinement src
- ✅ 58. Pollard's Method for Catching Kangaroos src
- ✅ 59. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks src
- ✅ 60. Single-Coordinate Ladders and Insecure Twists src
- 61. Duplicate-Signature Key Selection in ECDSA (and RSA) src
- 62. Key-Recovery Attacks on ECDSA with Biased Nonces src
- 63. Key-Recovery Attacks on GCM with Repeated Nonces src
- 64. Key-Recovery Attacks on GCM with a Truncated MAC src
- 65. Truncated-MAC GCM Revisited: Improving the Key-Recovery Attack via Ciphertext Length Extension src
- 66. Exploiting Implementation Errors in Diffie-Hellman src
If you have Rust installed, running a challenge should be as simple as

    cargo run -- -c <CHALLENGE_NUMBER>

which runs the specified challenge. Some of the slower ones are better run with --release.

There are also a number of tests along the way that check the results of the various challenges:

    cargo test

although they can take a while to complete.