Usable Crypto Capture the Flag Challenge

Posted February 6, 2016 in hackers openpgp

Last week, during USENIX’s first Enigma conference, EFF hosted a small Capture the Flag hacking competition. I designed one of the challenges myself, entitled Usable Crypto. It requires you to use PGP as an attacker rather than a defender. It’s on the easy side, as far as CTF challenges go, and I think many people who have absolutely no hacking skills but some fumbling-around-with-PGP skills could beat it without too much trouble. And it might even demonstrate why verifying fingerprints really is rather important.

If you’d like to give it a go, it’s live at https://usable-crypto.ctf.micahflee.com/. The plot for Enigma’s CTF was loosely based off of Cory Doctorow’s novel Little Brother. You’re an X-NET hacker fighting the surveillance state’s Department of National Security. You win when you capture the flag, which is a string of text that starts with “FLAG_” (but please don’t post it in the comments).

Legacy comments, imported from previous version of this blog:

Jasper

July 2, 2016 10:47 AM

I made a script to generate PGP keys and output its public key to the clipboard to save me some time :)

#!/bin/bash

# Remove key files left over from a previous run
rm -f key.pub key.sec
echo 'deleted old keys'

# Parameter file for GnuPG's unattended (batch) key generation
cat > gpgparams <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: encrypt
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Dept of National Security Agent
Name-Email: ag[email protected]
Expire-Date: 7
%pubring key.pub
%secring key.sec
EOF

echo 'Generating key..'
gpg --gen-key --armor --batch gpgparams
echo 'Done'

# Copy the armored public key to the X clipboard
xclip -selection clipboard < key.pub
echo 'pub key copied to clipboard!'