VIDEO: How to solve the RSA 2012 #sophospuzzle

Filed Under: Cryptography, Featured, Video

Here is a video showing you how to solve the RSA 2012 crypto puzzle which featured on our conference T-shirts at this year's RSA hootenanny in San Francisco.

We've awarded one NERF gun prize to the first finisher, @trapflag, and a second to Robert Miller, who was randomly chosen (using a hardware random number generator made from coins and playing cards) from the 19 other successful solvers.

Winners, please email me to let me know where to send the prizes.

For those of you who didn't finish, here's how to do it:

(Enjoy this video? Check out more on the SophosLabs YouTube channel.)

The second stage of this puzzle involved writing code to perform a cryptographic brute force attack; although there were numerous optimisations you could apply, there were no short cuts.

That means that you really had to back yourself that your code was correctly written - so well done to all who took part, and especially to the 20 of you who cracked the puzzle in time.

If you enjoy this sort of puzzle, watch this space: we intend to run them regularly. You might also enjoy watching or trying previous #sophospuzzles!


, , , , , , , ,

You might like

6 Responses to VIDEO: How to solve the RSA 2012 #sophospuzzle

  1. philippe · 1295 days ago

    It would be good to point out where you're getting your RFCs next time. The challenge doesn't work with the files on which is the official source of the RFCs. I got bored after trying zipped RFCs from 3 different sources...

    • Jorrit · 1295 days ago

      Uhm, no, is the official source, which it always has been.

    • Paul Ducklin · 1295 days ago

      According to

      "Request for Comments (RFC)

      The first choice below connects to the RFC repository maintained by the IETF. The second choice connects directly to the RFC Editor's Web Page.

      Be advised that there is a brief time period when the two directories will be out of sync. *When in doubt, the RFC Editor Web Page is the authoritative source page*."

      Note that last sentence. If you had a slightly out-of-date version of the RFC ZIP file, you might well have been missing the most recently-added RFCs...and the two I chose for the challenge were very recent indeed. (That wasn't an accident :-)

  2. I have tried to attack the puzzle (RFC part) with this code:

    but I have no solved it :-(

  3. This is sick!! Amazing puzzle :)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog