I wanted an encryption service that's more secure than regular DES, but not as slow as 3DES... The flag is not in standard format. nc mercury.picoctf.net 1903 ddes.py
- 1.Connect to get the encrypted flag:
nc mercury.picoctf.net 1903to get
6f745ccee635f76746be185541b9f9c046b8d707f93d0522e2325fb041c59ec7bbbaa818d7c51381. For this challenge we will need a set of plaintext and ciphertext strings so I encrypt
8f45ca8a9264c2aaback as the encrypted data.
- 3.Double DES is vulnerable to a meet-in-the-middle attack. This StackExchange answer explains the attack perfectly. Basically, you start with the plain text, and then you bruteforce every possible key, encrypt the plain text, and store the results in a dictionary. Then, you take the original encrypted data (
8f45ca8a9264c2aain this case) and bruteforce decrypt it using every possible key, storing the results as you go. Then, you find the intersection between the encrypted and decrypted values. The keys corresponding to the overlapping value are the two keys used in the Double DES algorithm.
- 4.This challenge makes the above attack even easier because it only uses 6 bytes (instead of the standard 8 used in DES) and simply uses padding (aka two spaces) for the last 2 bytes. The solve script bruteforces the first and second key using the aforementioned exploit. Then it finds the intersection using Python's
setclass. Finally, now that both keys are known, the encrypted flag is decrypted.