These are my walkthroughs / solutions to the excellent CryptoPals exercises.

Throughout these notebooks, the original descriptions from the cryptopals.com website are highlighted in blue alert boxes:

<div class="alert alert-block alert-info">
blue alert box
</div>
    
Please see [cryptopals.com](http://cryptopals.com) for details.

# Contents:

## Set 1 - Crypto Challenge Set 1

<div class="alert alert-block alert-info">
    
This is the qualifying set. We picked the exercises in it to ramp developers up gradually into coding cryptography, but also to verify that we were working with people who were ready to write code. This set is relatively easy. With one exception, most of these exercises should take only a couple minutes. But don't beat yourself up if it takes longer than that. It took Alex two weeks to get through the set! If you've written any crypto code in the past, you're going to feel like skipping a lot of this. Don't skip them. At least two of them (we won't say which) are important stepping stones to later attacks. 

1. [Convert hex to base64](01.ipynb)
2. [Fixed XOR](02.ipynb)
3. [Single-byte XOR cipher](03.ipynb)
4. [Detect single-character XOR](04.ipynb)
5. [Implement repeating-key XOR](05.ipynb)
6. [Break repeating-key XOR](06.ipynb)
7. [AES in ECB mode](07.ipynb)
8. [Detect AES in ECB mode](08.ipynb)
    
</div>

## Set 2 - Crypto Challenge Set 2

<div class="alert alert-block alert-info">
    
This is the first of several sets on **block cipher cryptography**. This is bread-and-butter crypto, the kind you'll see implemented in most web software that does crypto.

This set is relatively easy. People that clear set 1 tend to clear set 2 somewhat quickly.

Three of the challenges in this set are extremely valuable in breaking real-world crypto; one allows you to decrypt messages encrypted in the default mode of AES, and the other two allow you to rewrite messages encrypted in the most popular modes of AES. 

9.  [Implement PKCS#7 padding](09.ipynb)
10. [Implement CBC mode](10.ipynb)
11. [An ECB/CBC detection oracle](11.ipynb)
12. [Byte-at-a-time ECB decryption (Simple)](12.ipynb)
13. [ECB cut-and-paste](13.ipynb)
14. [Byte-at-a-time ECB decryption (Harder)](14.ipynb)
15. [PKCS#7 padding validation](15.ipynb)
16. [CBC bitflipping attacks](16.ipynb)

</div>

## Set 3 - Crypto Challenge Set 3

<div class="alert alert-block alert-info">
    
This is the next set of **block cipher** cryptography challenges (even the randomness stuff here plays into block cipher crypto).

This set is moderately difficult. It includes a famous attack against CBC mode, and a "cloning" attack on a popular RNG that can be annoying to get right.

We've also reached a point in the crypto challenges where all the challenges, with one possible exception, are valuable in breaking real-world crypto.

17. [The CBC padding oracle](17.ipynb)
18. [Implement CTR, the stream cipher mode](18.ipynb)
19. [Break fixed-nonce CTR mode using substitutions](19.ipynb)
20. [Break fixed-nonce CTR statistically](20.ipynb)
21. [Implement the MT19937 Mersenne Twister RNG](21.ipynb)
22. [Crack an MT19937 seed](22.ipynb)
23. [Clone an MT19937 RNG from its output](23.ipynb)
24. [Create the MT19937 stream cipher and break it](24.ipynb)

</div>

## Set 4 - Crypto Challenge Set 4

<div class="alert alert-block alert-info">

This is the last set of **block cipher cryptography challenges**, and also our coverage of **message authentication**.

This set is much easier than the last set. We introduce some new concepts, but the attacks themselves involve less code than, say, the CBC padding oracle.

Things get significantly trickier in the next two sets. A lot of people drop off after set 4.

25. [Break "random access read/write" AES CTR](25.ipynb)
26. [CTR bitflipping](26.ipynb)
27. [Recover the key from CBC with IV=Key](27.ipynb)
28. [Implement a SHA-1 keyed MAC](28.ipynb)
29. [Break a SHA-1 keyed MAC using length extension](29.ipynb)
30. [Break an MD4 keyed MAC using length extension](30.ipynb)
31. [Implement and break HMAC-SHA1 with an artificial timing leak](31.ipynb)
32. [Break HMAC-SHA1 with a slightly less artificial timing leak](32.ipynb)

</div>

## Set 5 - Crypto Challenge Set 5

<div class="alert alert-block alert-info">

This is the first set of **number-theoretic cryptography challenges**, and also our coverage of **message authentication**.

This set is significantly harder than the last set. The concepts are new, the attacks bear no resemblance to those of the previous sets, and... math.

On the other hand, our favorite cryptanalytic attack ever is in this set (you'll see it soon). We're happy with this set. Don't wimp out here. You're almost done!

33. [Implement Diffie-Hellman](33.ipynb)
34. [Implement a MITM key-fixing attack on Diffie-Hellman with parameter injection](34.ipynb)
35. [Implement DH with negotiated groups, and break with malicious "g" parameters](35.ipynb)
36. [Implement Secure Remote Password (SRP)](36.ipynb)
37. [Break SRP with a zero key](37.ipynb)
38. [Offline dictionary attack on simplified SRP](38.ipynb)
39. [Implement RSA](39.ipynb)
40. [Implement an E=3 RSA Broadcast attack](40.ipynb)

</div>