~fluix/fluix.dev

a14ac8e7d03cd879d67e0e758b2808dd08ab71ef — Steven Guikal 9 days ago f515f7d master
Fix typos
1 files changed, 2 insertions(+), 2 deletions(-)

M content/blog/picoctf-2021-ddes.md
M content/blog/picoctf-2021-ddes.md => content/blog/picoctf-2021-ddes.md +2 -2
@@ 4,7 4,7 @@ date: 2021-04-07
draft: false
---

*Note: This post was originally going to go up on the 30th of Math but PicoCTF requested writeups to be held on to until winners were verified.*
*Note: This post was originally going to go up on the 30th of March but PicoCTF requested writeups to be held on to until winners were verified.*

As stated in my [last post](/blog/status-update-2021-03/), a group of friends and I participated in the 2021 [PicoCTF](https://picoctf.org/) challenge. Having just come to an end, this year's contest was certainly the most enjoyable one for me because of the truly **awesome** people I got to work with, leading us to a second place finish in Canada (7th globally). One of the most interesting, though not particularly challenging, cryptography problems I came across and solved was titled "Double DES." It began with this description and hint:



@@ 52,7 52,7 @@ while True:
        print("Invalid input.")
```

A quick look at the code makes it clear that two random keys made up of 6 digits each are generatored and then used to encrypt the flag with [DES](https://en.wikipedia.org/wiki/Data_Encryption_Standard) which is provided to the user. From there, the user can input any plaintext and get the ciphertext using the same keys. This last part is important because it means the challenge is open to "[known-plaintext attacks](https://en.wikipedia.org/wiki/Known-plaintext_attack)."
A quick look at the code makes it clear that two random keys made up of 6 digits each are generated and then used to encrypt the flag with [DES](https://en.wikipedia.org/wiki/Data_Encryption_Standard) which is provided to the user. From there, the user can input any plaintext and get the ciphertext using the same keys. This last part is important because it means the challenge is open to "[known-plaintext attacks](https://en.wikipedia.org/wiki/Known-plaintext_attack)."

A naive examination of the encryption would suggest that one could bruteforce the correct key out of the 10<sup>12</sup> possible made up from every possible first key (10<sup>6</sup>) for every possible second key (10<sup>6</sup>). However, while certainly possible to do in the timespan of the competition, there exists a significantly better attack called [Meet-in-the-Middle (MITM)](https://en.wikipedia.org/wiki/Meet-in-the-middle_attack). To perform such an attack, we first choose a known plaintext, say "0123456789012345678", and encrypt it with every possible first key:
```py