C 105: Two-Time Pad (85 pts)


One-time pads are very secure, but not if you use the pad more than once. Russia made this error during World War II and it led to complete compromise of their encryption system, as detailed in this book.

What You Need

Any computer with Python 3.

Using a One-Time Pad

Let's use this keystring:
Unbreakable awesome secret secure system
To encrypt this message:
Four score and seven
This Python code does the encryption:
key = "Unbreakable awesome secret secure system"
plaintext = "Four score and seven"

i = 0
ciphertext = ""
for p in plaintext:
  ip = ord(p)
  k = key[i]
  ik = ord(k)
  inew = ip ^ ik
  ciphertext += chr(inew)
  print(p, hex(ip), k, hex(ik), hex(inew))
  i += 1
This program encrypts the string, as shown below.

Decrypting uses the same operation, since XOR reverses itself:

key = "Unbreakable awesome secret secure system"
ciphertext = bytes.fromhex("130117004512080e100945410f1345000a1b004e")

i = 0
plaintext = ""
for c in ciphertext:
  k = key[i]
  ik = ord(k)
  ip = c ^ ik
  p = chr(ip)
  print(c, k, ik, ip, p)
  plaintext += p
  i += 1
This string, is decrypted, as shown below.

C 105.1: Using a Known Key (5 pts)

Use this key:
Wow, what a great key!
Decrypt this ciphertext:
The plaintext is the flag.

C 105.2: Crib Drag (15 pts)

The key starts with:
Both these ciphertexts were encrypted with the same key:
To break this, start with a guess at the key, like this:
This shows the first three letters of the two plaintext messages, as shown below.

From the partial plaintexts, you can guess another letter or two, and use those letters to extend the key. Continue adding one or two letters at a time until you get the whole plaintext. This is called the

crib drag attack. Submit either of the plaintext messages as the flag.

C 105.3: Crib Drag (15 pts)

Both these ciphertexts were encrypted with the same key:
One of the plaintext messages contains the flag.

C 105.4: Crib Drag (50 pts)

Both these ciphertexts were encrypted with the same key:
One of the plaintext messages contains the flag.

Posted 1-15-19
Format fixes 2-24-19
Ported to new scoring engine 7-11-19
Updated to Python 3 7-10-2020