CodeGate 2009's Challenge 18 - Diffie-Hellman parameter tampering case study
1 Introduction
Last week I joined team CLGT to take part in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CodeGate 2009 organized by BeistLab. There's 21 challenges. This post is about challenge 18 which, IMHO, is one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most interesting. You can download full report from CLGT here.
There was only two teams could nail #18, and, unfortunately, we were not one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. We were very close, just minutes away, from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 final solution, but could not manage to solve it before cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 contest ended. Anyway, we're writing this writeup because we like it.
This is a cryptography challenge. The objective is to decrypt cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 communication between a server and a client, which play a protocol involving RSA digital signature algorithm [1], Diffie-Hellman Key Protocol Agreement [2], and AES block cipher [3].
Section 2 describes cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 protocol and its setting in detail. Section 3 discusses some vulnerabilities of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 protocol. Section 4 describes how we nail it. Section 5 discusses some ways to fix it. Section 6 concludes.
2 The Protocol
As we s…
Last week I joined team CLGT to take part in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CodeGate 2009 organized by BeistLab. There's 21 challenges. This post is about challenge 18 which, IMHO, is one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most interesting. You can download full report from CLGT here.
There was only two teams could nail #18, and, unfortunately, we were not one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. We were very close, just minutes away, from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 final solution, but could not manage to solve it before cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 contest ended. Anyway, we're writing this writeup because we like it.
This is a cryptography challenge. The objective is to decrypt cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 communication between a server and a client, which play a protocol involving RSA digital signature algorithm [1], Diffie-Hellman Key Protocol Agreement [2], and AES block cipher [3].
Section 2 describes cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 protocol and its setting in detail. Section 3 discusses some vulnerabilities of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 protocol. Section 4 describes how we nail it. Section 5 discusses some ways to fix it. Section 6 concludes.
2 The Protocol
As we s…