Usable Crypto Capture the Flag Challenge
Last week, during USENIX’s first Enigma conference, EFF hosted a small Capture the Flag hacking competition. I designed one of the challenges myself, entitled Usable Crypto. It requires you to use PGP as an attacker rather than a defender. It’s on the easy side, as far as CTF challenges go, and I think many people who have absolutely no hacking skills but some fumbling-around-with-PGP skills could beat it without too much trouble. And it might even demonstrate why verifying fingerprints really is rather important.
If you’d like to give it a go, it’s live at https://usable-crypto.ctf.micahflee.com/. The plot for Enigma’s CTF was loosely based on Cory Doctorow’s novel Little Brother. You’re an X-NET hacker fighting the surveillance state’s Department of National Security. You win when you capture the flag, which is a string of text that starts with “FLAG_” (but please don’t post it in the comments).
Legacy comments, imported from previous version of this blog:
I made a script to generate PGP keys and output its public key to the clipboard to save me some time :)
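# Remove keyring files left over from a previous run
rm -f key.pub key.sec
echo 'deleted old keys'

# Parameter file for unattended (batch) key generation.
# Expire-Date: 7 makes the key expire after 7 days.
cat > gpgparams <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: encrypt
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Dept of National Security Agent
Name-Email: email@example.com
Expire-Date: 7
%pubring key.pub
%secring key.sec
EOF

echo 'Generating key..'
# Options go before the command; the parameter file is the only argument
gpg --batch --armor --gen-key gpgparams
echo 'Done'

# Copy the ASCII-armored public key to the X clipboard
xclip -selection clipboard < key.pub
echo 'pub key copied to clipboard!'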