keybase.io & their cipher text challenges
So I was going through my gnupg keyring tonight and realized that I should probably revoke my 2048-bit pgp keys for some stronger 4096-bit variants. I thought to myself that it might be a bit of a pain, my public key is in a few different places that I would have to look up, one of them being keybase.io.
Then I realized, I haven’t checked out their site in a long time. I think I signed up sometime mid-2014, when they were first new and a buddy of mine sent me an invite. I figured I would log in, see if they’ve done anything new to the site, and log off for the night. Well, after clicking around a bit, I notice they’re advertising the fact that they are now hiring.
This: https://keybase.io/jobs takes you to a page with a couple job descriptions, and randomly placed between webpage sections are two seemingly innocuous lines of text:
"XLI VMKLX SJ XLI TISTPI XS OIIT ERH FIEV GVCTXS, WLEPP RSX FI MRJVMRKIH."
"Sid uubd pl qgdbuyd prtu ca ubgqcukca itmo rgod ut ygob zoyk crrkoyoi iqsza 25519."
I thought to myself, hey, they’re challenges. I should be able to crack this.
The first cipher text is what we call a “gimmie”. I knew it had to be a simple shift cipher (a “Caesars cipher”). It’s all caps, and since it’s the first one on the page it’s probably the easiest (the further down you scroll, the more challenging things get, right?). Being lazy as I am, I copied it and pasted into emacs, M-r rot13-region and got:
“KYV IZXYK FW KYV GVFGCV KF BVVG REU SVRI TIPGKF, JYRCC EFK SV ZEWIZEXVU.”
Hmm, well that’s not what I was expecting. ROT13 is probably the most common rotation. Ok fine, let me look at it again.
XLI VMKLX SJ XLI TISTPI XS OIIT ERH FIEV GVCTXS, WLEPP RSX FI MRJVMRKIH
Ah ha, “XLI” is repeated twice. If I had to take a wild guess, I’d say that’s the word “THE”. Lets check letter distances (if you are following along, verify it visually: http://en.wikipedia.org/wiki/English_alphabet):
Well, then it’s ROT-22. Nice. Lets crack it:
THE RIGHT OF THE PEOPLE TO KEEP AND BEAR CRYPTO, SHALL NOT BE INFRINGED.
Awesome. I’m loving keybase.io folks already. Crypto and the 2nd amendment, both near and dear to my heart.
Next up, the 2nd cipher text, this one is likely to be more tricky, as it was further down the page (implying more difficulty):
"Sid uubd pl qgdbuyd prtu ca ubgqcukca itmo rgod ut ygob zoyk crrkoyoi iqsza 25519."
The thing that jumps out is the “25519″. That’s a reference to Curve25519 - an elliptic curve used in ECDH (http://en.wikipedia.org/wiki/Curve25519). “iqsza” happens to be five letters, same with “curve”. Also notice “crrkoyoi” is 8 long, same with “elliptic”.
What’s interesting here, is that this isn’t a Caesar cipher. I’m still going to guess it’s some classical cipher though. One wild guess is it’s a polyalphabetic substitution cipher, since the first challenge was a monoalphabetic substitution.
The next thing I notice, even though it’s a weak analysis, is that not all characters are represented in the ciphertext: v, x, f, and probably more, are missing. This is weak because the ciphertext is so short (not statistically relevant), but, it’s good to know because it leaves the door open to some ciphers.
Also, notice the ciphertext contains an even number of characters (62).
If we guess this to be a digraph based cipher, we see duplicate letter digraphs appear:
si du ub dp lq gd bu yd pr tu ca ub gq cu kc ai tm or go du ty go bz oy kc rr ko yo ii qs za
If this is a playfair cipher, then the key is a natural 25-letter alphabet square.
If I head to http://rumkin.com/tools/cipher/playfair.php and paste in the cipher, (basic key/no key), we get:
The tree of liberty must be refreshed from time to time with elliptic curve 25519.
It seems the folks at keybase.io have a great sense of humor and fun!
[edit] Since I started writing this a few nights ago, keybase has removed their challenges from the page. What gives!