Challenge has ended
September 30th, 2015: Not for lack of scrutiny, no submissions were received and thus our bug and design-flaw finding "challenge" has ended. See below for decryption instructions for both payloads as promised. In hindsight, our challenge could have been worded better to distinguish it from the rest of the typical crypto "challenges." We never realistically expected anyone to break AES256, scrypt, or any of the underlying standardized encryption methods that we used in toplip (least of all for $250k AUD). While we did make specific references to the fact that our challenge was actually about our implementation and code and not about the underlying cryptographic primitives used, there were certainly a fair few comments on the interwebs about our challenge being "yet another [expletive] crypto challenge." In the end, the toplip source code was heavily scrutinized by people from all over the world, and for a free and opensource product we believe this to be a satisfactory outcome. Whether our challenge was in poor taste or not we leave for you to decide. The keys and settings we used to create the throwdown image are now published below:
Main payload extraction
# Note: passphrases are echoed/cleartext below to publish the throwdown. # and it is assumed 2tonThrowdown.png is in our CWD # Be patient, these settings are ridiculous. user@dev:/tmp> toplip -c 3 -i 0x46922e -d 2tonThrowdown.png This is toplip v1.12 © 2015 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip 2tonThrowdown.png Passphrase #1: IBCFzEq2I1ehX/XMmCT5af45R04qyedvVtuh8QPMZz6D+xXuJQD9NHpUwRN/po5GMvRx7iQGV2K1K22b0Q 2tonThrowdown.png Passphrase #2: +EVOKhg4K3u6DMPjOO0dIt9FYct6WW3Jin7lq/N6v8yBsNTOea8RoO01ARw1KvfOHd0nj274EDIXPWbkHtmtBzOD00MLO3U 2tonThrowdown.png Passphrase #3: gT2kmFtBl6B77Jq094im2J5IdlM1wwGbK6zLezNlUeKv5KDCHwJ3D7tYVZp/uJ7IfRs7Jg652oEYOfQVIMuOCFTzjQ # Output Intentionally Suppressed.
Bonus payload extraction
# Note: passphrases are echoed/cleartext below to publish the throwdown. # and it is assumed 2tonThrowdown.png is in our CWD user@dev:/tmp> toplip -d 2tonThrowdown.png This is toplip v1.12 © 2015 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip 2tonThrowdown.png Passphrase #1: Y1RVGOQ8fLjlo/vPR65ixNzIFJI5/bG0ey7YjcRmu+U # Output Intentionally Suppressed.
Expired/Previous Challenge Content:
We appreciate that if and when modern cryptographic systems/programs are broken, it is usually due to implementation errors (and sometimes misinterpretation of specifications themselves), and not the underlying crypto itself. To that end, through September 30th, 2015 we are proudly sponsoring this "Crypto Throwdown" and welcome any and all to break the methods and/or our implementation in toplip, our x86_64 linux command line encryption utility. Full source code is available to toplip itself, along with extensive documentation on our design and the resultant output contained here in our throwdown.
The above image is the actual throwdown source material. To verify that we are playing fairly and that we did not incorporate purely random data in our throwdown image, if at the end of our throwdown period on September 30th, 2015 no successful submissions are received, we will publish the necessary toplip inputs necessary to decrypt the throwdown.
- Submission must be received before September 30th, 2015 AEST
- Submission must be sent to the email address inside the contents
- Submission must include:
- Winner's name, address, phone number and bank details
- The exact decrypted content in its entirety
- Entry/breach methods that we can reproduce (functioning source to break in, or toplip inputs if brute forced/compromised)
- Submission may optionally include the bonus materials as described in the throwdown image. Standalone submission of the bonus materials will not constitute a win.