Ok, now these kinds of challenges are not really good. The reason is that without any extra property, they are trivial. Here is why:
Let's assume you have a cyphertext c, of length l (ie |c| = l). Now I take a plaintext p of length also l (|p| = l). Let the key k be c xor p. Now
c xor k = c xor (c xor p) = (c xor c) xor p = 0^l xor p = p
Where 0^l is a string of l zeros. So yeah, given one cyphertext, I can craft a pair of key and plaintext such that there is a cypher (simple xor) that, given the cyphertext and the key, outputs the plaintext.
What is worse? I can craft |E|^l of such plaintexts (where |E| is the size of the alphabet).
So yeah: this test only checks if people know basic cryptography and boolean algebra. Which tends not to be a very good test[1,2]
also, it's even not a case of "crack this and get an interview" it's "crack this and get to apply for the same vacancy that gchq publish on their homepage": job id 35874.
Is that salary listed yearly? If so I can understand why they have to do something like this to get people to apply, I earned more than that while working in retail.
Why do you think this challenge has anything to do with xor'ing with a key? It's not that kind of code.
Actually, I'd say that mob is after assembly language programmers at the moment, not people who know "basic cryptography and boolean algebra".
Moreover, they don't really care if the solution gets plastered all over the net, because from their perspective the point is not the code, but the message (that they have jobs available to British citizens with those skills). And I know that because, according to the press, they said so.
I'm sorry if I misunderstood you but I get the impression that you feel like a One Time Pad is trivial to break?
Just because you can construct any plaintext of that size and a suitable key to generate that ciphertext doesn't mean you've broken it or know anything about its content (aside from the maximum length of the plaintext).
The answer is supposed to be a keyword, I seriously doubt it's an OTP they are asking for...
The Australian equivalent (DSD) did a challenge like this last month. Same deal - x86 assembly to decrypt a message and reveal a secret URL. They too had no tracking.
don't know if this means anything at all but exif info on the photo has a comment: QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR78jKLw==
/index.asp oh please, what's a challenge worth when I can find out the solution without solving it, by going to the application url. My naive proxy thought it's advertisment and didn't allow me apply hehe.
also we're lucky they exclude non-british folks, that way they interchange doubtable trust measures with infosec beginners.
God says...
C:\LoseThos\www.losethos.com\text\DARWIN.TXT
firstly, that all
animals tend to vary in some degree, and, secondly, that agriculturists
improve their domesticated animals by selection; and then, he adds, but
what is done in this latter case "by art, seems to be done with equal
efficacy, though more slowly, by nature, in the formation of varieties of
mankind, fitted for the country which they inhabit. Of the accidental
varieties of man, which would occur among the first few and scattered
inhabitants of the middle regions of Africa, some one wo
30 comments
[ 3.0 ms ] story [ 58.0 ms ] threadLet's assume you have a cyphertext c, of length l (ie |c| = l). Now I take a plaintext p of length also l (|p| = l). Let the key k be c xor p. Now
Where 0^l is a string of l zeros. So yeah, given one cyphertext, I can craft a pair of key and plaintext such that there is a cypher (simple xor) that, given the cyphertext and the key, outputs the plaintext.What is worse? I can craft |E|^l of such plaintexts (where |E| is the size of the alphabet).
So yeah: this test only checks if people know basic cryptography and boolean algebra. Which tends not to be a very good test[1,2]
[1] http://techcrunch.com/2011/05/07/why-the-new-guy-cant-code/
[2] http://devinterviews.pen.io/
But, it's a good publicity ruse.
edit: the pay's not even that great.
Actually, I'd say that mob is after assembly language programmers at the moment, not people who know "basic cryptography and boolean algebra".
Moreover, they don't really care if the solution gets plastered all over the net, because from their perspective the point is not the code, but the message (that they have jobs available to British citizens with those skills). And I know that because, according to the press, they said so.
And the word cipher is on the title.
[1] http://en.wikipedia.org/wiki/S_box
Just because you can construct any plaintext of that size and a suitable key to generate that ciphertext doesn't mean you've broken it or know anything about its content (aside from the maximum length of the plaintext).
The answer is supposed to be a keyword, I seriously doubt it's an OTP they are asking for...
Pr0t3ct!on#cyber_security@12*12.2011+
I literally have little to no idea how to start.
Give me a reading list, or outline the first few steps!
http://www2.warwick.ac.uk/fac/soc/pais/people/aldrich/vigila...
If they sound interesting to you then read the plenteous clues in the HN thread from this morning.
It would be pretty hilarious if no actual British citizens figure it out for themselves.
also we're lucky they exclude non-british folks, that way they interchange doubtable trust measures with infosec beginners.
yawn.
why do I want to type all this in, again?
(God's laughing)
God says... C:\LoseThos\www.losethos.com\text\DARWIN.TXT
firstly, that all animals tend to vary in some degree, and, secondly, that agriculturists improve their domesticated animals by selection; and then, he adds, but what is done in this latter case "by art, seems to be done with equal efficacy, though more slowly, by nature, in the formation of varieties of mankind, fitted for the country which they inhabit. Of the accidental varieties of man, which would occur among the first few and scattered inhabitants of the middle regions of Africa, some one wo
---------
Who is GCHQ?