Usable Crypto Capture the Flag Challenge

Last week, during USENIX’s first Enigma conference, EFF hosted a small Capture the Flag hacking competition. I designed one of the challenges myself, entitled Usable Crypto. It requires you to use PGP as an attacker rather than a defender. It’s on the easy side, as far as CTF challenges go, and I think many people who have absolutely no hacking skills but some fumbling-around-with-PGP skills could beat it without too much trouble. And it might even demonstrate why verifying fingerprints really is rather important.

If you’d like to give it a go, it’s live at The plot for Enigma’s CTF was loosely based on Cory Doctorow’s novel Little Brother. You’re an X-NET hacker fighting the surveillance state’s Department of National Security. You win when you capture the flag, which is a string of text that starts with “FLAG_” (but please don’t post it in the comments).

One thought on “Usable Crypto Capture the Flag Challenge”

  1. Jasper

    I made a script to generate PGP keys and output its public key to the clipboard to save me some time 🙂

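    #!/bin/bash
    # Remove key files left over from a previous run
    rm -f key.sec key.pub
    echo 'deleted old keys'
    # Parameter file for GnuPG's unattended (batch) key generation.
    # key.pub is an assumed file name: the posted script lost the name
    # of the public key file and the end of the here-document.
    cat > gpgparams <<EOF
    Key-Type: RSA
    Key-Length: 2048
    Key-Usage: encrypt
    Subkey-Type: RSA
    Subkey-Length: 2048
    Name-Real: Dept of National Security Agent
    Name-Email: agent@dns.spy
    Expire-Date: 7
    %secring key.sec
    %pubring key.pub
    %commit
    EOF

    echo 'Generating key..'
    # --armor makes gpg write the key files as ASCII text
    gpg --gen-key --armor --batch gpgparams
    echo 'Done'
    # Copy the armored public key to the X clipboard
    cat key.pub | xclip -selection clipboard
    echo 'pub key copied to clipboard!'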


