Go solutions to the Matasano Crypto Challenges (http://cryptopals.com/). Solutions to the previous challenges are written in Erlang and can be found here.
- Break an MD4 keyed MAC using length extension (problem, solution, test)
- Implement and break HMAC-SHA1 with an artificial timing leak (problem, solution, test)
- Break HMAC-SHA1 with a slightly less artificial timing leak (problem, solution, test)
- Implement Diffie-Hellman (problem, solution, test)
- Implement a MITM key-fixing attack on Diffie-Hellman with parameter injection (problem, solution, test)
- Implement DH with negotiated groups, and break with malicious "g" parameters (problem, solution, test)
- Implement Secure Remote Password (SRP) (problem, solution, test)
- Break SRP with a zero key (problem, solution, test)
- Offline dictionary attack on simplified SRP (problem, solution, test)
- Implement RSA (problem, solution, test)
- Implement an E=3 RSA Broadcast attack (problem, solution, test)
- Implement unpadded message recovery oracle (problem, solution, test)
- Bleichenbacher's e=3 RSA Attack (problem, solution, test)
- DSA key recovery from nonce (problem, solution, test)
- DSA nonce recovery from repeated nonce (problem, solution, test)
- DSA parameter tampering (problem, solution, test)
- RSA parity oracle (problem, solution, test)
- Bleichenbacher's PKCS 1.5 Padding Oracle (Simple Case) (problem, solution, test)
- Bleichenbacher's PKCS 1.5 Padding Oracle (Complete Case) (problem, solution, test)
- CBC-MAC Message Forgery (problem, solution, test)
- Hashing with CBC-MAC (problem, solution, test)
- Compression Ratio Side-Channel Attacks (problem, solution, test)
- Diffie-Hellman Revisited: Small Subgroup Confinement (problem)
- Pollard's Method for Catching Kangaroos (problem)
- Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks (problem)
- Single-Coordinate Ladders and Insecure Twists (problem)
- Duplicate-Signature Key Selection in ECDSA (and RSA) (problem)
- Key-Recovery Attacks on ECDSA with Biased Nonces (problem)
- Key-Recovery Attacks on GCM with Repeated Nonces (problem)
- Key-Recovery Attacks on GCM with a Truncated MAC (problem)
- Truncated-MAC GCM Revisited: Improving the Key-Recovery Attack via Ciphertext Length Extension (problem)
- Exploiting Implementation Errors in Diffie-Hellman (problem)
Background reading, each entry keyed to the challenge it accompanies:
- Bleichenbacher's RSA signature forgery based on implementation error (challenge 42)
- The Debian PGP disaster that almost was (challenge 43)
- DSA requirements for random k value (challenge 44)
- Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 (challenges 47 and 48)
- Why I hate CBC-MAC (challenge 49)
- The CRIME attack (challenge 51)
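The E=3 RSA broadcast attack (challenge 40 above) carried through end to end, as an added Go example that is not part of this repository's solutions. Three recipients hold independent e=3 keys, the same unpadded message is encrypted to each, and the attacker recombines the three ciphertexts with the Chinese Remainder Theorem to get m^3 as an ordinary integer, then takes a real cube root. Go's crypto/rsa fixes e=65537, so the example assembles e=3 moduli by hand; the names genE3Key, BroadcastAttack and BroadcastDemo are this example's own.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// rsaPub is a minimal RSA public key for this example; only N and e=3 matter.
type rsaPub struct {
	N *big.Int
	E int64
}

var three = big.NewInt(3)

// genE3Key builds a modulus usable with e=3, i.e. gcd(3, p-1) = gcd(3, q-1) = 1.
// Assembled by hand because crypto/rsa does not generate e=3 keys.
func genE3Key(bits int) (rsaPub, error) {
	for {
		p, err := rand.Prime(rand.Reader, bits/2)
		if err != nil {
			return rsaPub{}, err
		}
		q, err := rand.Prime(rand.Reader, bits/2)
		if err != nil {
			return rsaPub{}, err
		}
		pm1 := new(big.Int).Sub(p, big.NewInt(1))
		qm1 := new(big.Int).Sub(q, big.NewInt(1))
		if p.Cmp(q) == 0 || new(big.Int).Mod(pm1, three).Sign() == 0 || new(big.Int).Mod(qm1, three).Sign() == 0 {
			continue
		}
		return rsaPub{N: new(big.Int).Mul(p, q), E: 3}, nil
	}
}

// encrypt is textbook RSA, c = m^e mod N, with no padding: that is the flaw the attack needs.
func encrypt(pub rsaPub, m *big.Int) *big.Int {
	return new(big.Int).Exp(m, big.NewInt(pub.E), pub.N)
}

// crt combines residues cs[i] mod ns[i] (pairwise coprime moduli) into the unique
// x mod prod(ns) with x = sum(c_i * N_i * (N_i^-1 mod n_i)), where N_i = prod(ns)/n_i.
func crt(cs, ns []*big.Int) *big.Int {
	N := big.NewInt(1)
	for _, n := range ns {
		N.Mul(N, n)
	}
	x := new(big.Int)
	for i := range ns {
		Ni := new(big.Int).Div(N, ns[i])
		inv := new(big.Int).ModInverse(Ni, ns[i])
		term := new(big.Int).Mul(cs[i], Ni)
		x.Add(x, term.Mul(term, inv))
	}
	return x.Mod(x, N)
}

// icbrt returns floor(cbrt(n)) for n >= 0 by binary search; exact when n is a perfect cube.
func icbrt(n *big.Int) *big.Int {
	lo := big.NewInt(0)
	hi := new(big.Int).Lsh(big.NewInt(1), uint(n.BitLen()/3+1)) // invariant: lo^3 <= n < hi^3
	one := big.NewInt(1)
	for new(big.Int).Sub(hi, lo).Cmp(one) > 0 {
		mid := new(big.Int).Add(lo, hi)
		mid.Rsh(mid, 1)
		if new(big.Int).Exp(mid, three, nil).Cmp(n) <= 0 {
			lo = mid
		} else {
			hi = mid
		}
	}
	return lo
}

// BroadcastAttack recovers m from c_i = m^3 mod N_i for three distinct moduli. Since
// m < every N_i, m^3 < N_1*N_2*N_3, so the CRT result is m^3 itself, not a reduction of it.
func BroadcastAttack(pubs []rsaPub, cts []*big.Int) (*big.Int, error) {
	if len(pubs) != 3 || len(cts) != 3 {
		return nil, errors.New("need exactly three ciphertexts for e=3")
	}
	ns := make([]*big.Int, 3)
	for i, p := range pubs {
		if p.E != 3 {
			return nil, errors.New("attack assumes e=3")
		}
		ns[i] = p.N
	}
	return icbrt(crt(cts, ns)), nil
}

// BroadcastDemo encrypts msg (constructed sample input) to three freshly generated
// e=3 keys and recovers it from the public keys and ciphertexts alone.
func BroadcastDemo(msg []byte) ([]byte, error) {
	m := new(big.Int).SetBytes(msg)
	var pubs []rsaPub
	var cts []*big.Int
	for len(pubs) < 3 {
		pub, err := genE3Key(512)
		if err != nil {
			return nil, err
		}
		if m.Cmp(pub.N) >= 0 {
			return nil, errors.New("message does not fit under the modulus")
		}
		// CRT needs pairwise coprime moduli; independently generated keys never share a prime.
		coprime := true
		for _, other := range pubs {
			if new(big.Int).GCD(nil, nil, other.N, pub.N).Cmp(big.NewInt(1)) != 0 {
				coprime = false
			}
		}
		if !coprime {
			continue
		}
		pubs = append(pubs, pub)
		cts = append(cts, encrypt(pub, m))
	}
	rec, err := BroadcastAttack(pubs, cts)
	if err != nil {
		return nil, err
	}
	return rec.Bytes(), nil
}

func main() {
	out, err := BroadcastDemo([]byte("attack at dawn"))
	fmt.Printf("recovered %q err=%v\n", out, err)
}
```

The cube root is taken by binary search rather than Newton iteration so that the invariant lo^3 <= n < hi^3 is obvious and the result is exact for a perfect cube; the same bound generalises to e ciphertexts for any small e by swapping the exponent.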
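Nonce reuse, the failure behind the DSA nonce-recovery challenges (43 and 44) and the starting point for the biased-nonce ECDSA challenge in the last set, as an added Go example that is not this repository's code. It goes beyond the page's DSA setting and uses ECDSA over P-256 with crypto/elliptic and math/big, because the algebra is identical: two signatures with the same k share r, s1 - s2 = k^-1 (z1 - z2) gives k, and d = (s1 k - z1) / r then gives the private scalar. The signing routine takes k as a parameter only so the bug can be reproduced; signWithNonce, RecoverFromRepeatedNonce and RepeatedNonceDemo are names chosen here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// sig holds an ECDSA signature (r, s) over P-256.
type sig struct{ R, S *big.Int }

var curve = elliptic.P256()

// hashToInt is z = SHA-256(msg) read as a big-endian integer; for a 256-bit group
// this is exactly what crypto/ecdsa uses, so the signatures below verify there.
func hashToInt(msg []byte) *big.Int {
	h := sha256.Sum256(msg)
	return new(big.Int).SetBytes(h[:])
}

// signWithNonce is textbook ECDSA with the nonce supplied by the caller. That is the
// bug under demonstration: a real signer draws a fresh, unpredictable k per signature.
func signWithNonce(d, k *big.Int, msg []byte) sig {
	n := curve.Params().N
	x, _ := curve.ScalarBaseMult(k.FillBytes(make([]byte, 32))) // R = kG, r = R.x mod n
	r := new(big.Int).Mod(x, n)
	s := new(big.Int).Mul(d, r) // s = k^-1 (z + d*r) mod n
	s.Add(s, hashToInt(msg))
	s.Mul(s, new(big.Int).ModInverse(k, n))
	return sig{R: r, S: s.Mod(s, n)}
}

// RecoverFromRepeatedNonce takes two signatures over different messages that share r
// (hence k) and returns (k, d):
//   s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2)  mod n
//   s1 = k^-1 (z1 + d r)      =>  d = (s1 k - z1) / r         mod n
func RecoverFromRepeatedNonce(m1, m2 []byte, s1, s2 sig) (k, d *big.Int, err error) {
	n := curve.Params().N
	if s1.R.Cmp(s2.R) != 0 {
		return nil, nil, errors.New("r differs: the nonce was not reused")
	}
	z1, z2 := hashToInt(m1), hashToInt(m2)
	ds := new(big.Int).Sub(s1.S, s2.S)
	if ds.Mod(ds, n).Sign() == 0 {
		return nil, nil, errors.New("s1 == s2: same message or degenerate signature")
	}
	k = new(big.Int).Sub(z1, z2)
	k.Mul(k, new(big.Int).ModInverse(ds, n))
	k.Mod(k, n)
	d = new(big.Int).Mul(s1.S, k)
	d.Sub(d, z1)
	d.Mul(d, new(big.Int).ModInverse(s1.R, n))
	d.Mod(d, n)
	return k, d, nil
}

// RepeatedNonceDemo generates a key, signs two constructed messages with one reused k,
// checks both signatures with crypto/ecdsa, and reports whether d was recovered.
func RepeatedNonceDemo() (bool, error) {
	priv, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return false, err
	}
	n := curve.Params().N
	k := new(big.Int)
	for k.Sign() == 0 { // k must lie in [1, n-1]
		if k, err = rand.Int(rand.Reader, n); err != nil {
			return false, err
		}
	}
	m1 := []byte("pay 10 to alice")   // constructed sample message
	m2 := []byte("pay 10 to mallory") // constructed sample message
	sig1 := signWithNonce(priv.D, k, m1)
	sig2 := signWithNonce(priv.D, k, m2)
	h1, h2 := sha256.Sum256(m1), sha256.Sum256(m2)
	if !ecdsa.Verify(&priv.PublicKey, h1[:], sig1.R, sig1.S) || !ecdsa.Verify(&priv.PublicKey, h2[:], sig2.R, sig2.S) {
		return false, errors.New("signatures do not verify")
	}
	_, d, err := RecoverFromRepeatedNonce(m1, m2, sig1, sig2)
	if err != nil {
		return false, err
	}
	return d.Cmp(priv.D) == 0, nil
}

func main() {
	ok, err := RepeatedNonceDemo()
	fmt.Println("private key recovered:", ok, err)
}
```

Two valid signatures from the same key with equal r values are the detection signal; the recovery needs nothing beyond the public signatures and messages, which is why the k requirements listed in the reading above are not negotiable.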