Wednesday, November 2, 2011

Answers to the NEOISF Crypto Challenge

If you were at the 2011 Information Security Summit last week, you may have come across the Northeast Ohio Information Security Forum's booth and saw the crypto challenge I created for it.

The challenge was a series of three encoded messages, each more difficult than the last. It seemed to be popular as I had printed off 50 copies of the challenge and they were all gone by Friday morning. Only 2 people, that I know of, finished it (although more may have and just not told me).

The first encoded message was:
Olgrf Rapelcgrq Ner Yrff Rnfl!
This was a ROT13 message that when decoded changed to:
Bytes Encrypted Are Less Easy!
The second message was a bit harder.

Tymxmu Svpvwmeh sg xhp fpskwiu ms elf oej


To make it a little easier, a hint was given to use the first letter of every word from the first solution as the key. This was actually another hint that a key was even required to decode the message. The original message had been encrypted using a Vignere Cipher. Decrypting the message, using the key "BEALE" would produce the following message:
Summit Overview of the booklet is the key
The final puzzle was the hardest of all. The encoded message was:

10 11 32 35 177 42 50 54 44 50 42 82 132 71 100 157 54 60 147 66 50 193 3 60 81 100 157 75 36 106

The hint for this puzzle was "Items from the first two solutions will help you figure this one out!" Each of the first two solutions gave some type of clue as to the cipher used for the last one. The first puzzle's hint was the key for the second puzzle: BEALE.

If anyone searched for BEALE, they would have eventually come across the Beale Ciphers, encoded messages that supposedly point to buried treasure. The only message successfully decoded thus far used the Declaration of Independence as a key. To decode it, you find the word corresponding to the number you are given and take its first letter. IE. If you have a 10, find the 10th word and use its first letter. When you put all of these together you get the decoded message.

This is what you would have to do in order to solve the third puzzle. But what book do you use to decipher it? That is where the answer to the second message comes in. The solutions tells you to use the welcome page in the information security summit booklet. By taking the first letter of each word of the corresponding number, you would eventually get the following message:
now there are no more secrets for you

I hope that those who did this found it fun. I'd love to do another next year, but on a bigger scale. If anyone has any suggestions, I'd love to hear them!