# Starting The Matasano Crypto Challenges

For some time I've been aware of Matasano Security. One of their founders is an active participant on Hacker News and Matasano itself performs penetration testing and security audits on GitHub.

I've also been aware of their Crypto Challenges. Similar to Wargames, which I run for Sydney University's Computer & Network Security course, Matasano's Crypto Challenges introduce you to the issues and vulnerabilities behind real world cryptography.

The issue with this is commitment. To start the challenges, there's no sign up button -- you actually need to contact them by email. If this was a start-up trying to acquire customers, we'd have revoked their right to funding by now. I'm sure the fools would even pull their funding.

They're not a start-up though. They're likely limiting it for two reasons. First, they end up with a smaller but more attentive group. Second, they don't want the questions leaking out so it becomes a competition of "Google for the answer". Both I can understand, but it still certainly made registration a long process for me. I was finally nudged along by a reminder that they exist and they're awesome.

When I finally sent an email requesting to start the challenges, I may have gone slightly overboard on the commitment...

I want in to The Matasano Crypto Challenges.

I'd commit Bitcoins, but I have far too little computing power to successfully mine them and haven't broken SHA256 to make mining easier (chosen prefix or otherwise).

Whilst I'm from Australia, I'll be heading to Harvard for a Masters of Computer Science In late August. For the bit commitment, I propose a coin toss.

If you win, I buy up to three (3) units of beverage for you and/or friends should we meet in the future. If you lose, I obtain one (1) unit of beverage should we meet in the future.

Naive bit commitment algorithm (Python):

>>> import hashlib
>>> import hmac
>>> import random
>>> secret = 32 character string
>>> hmac.new(secret, toss, hashlib.sha256).hexdigest()
'79525aa50d45f77988ca1cc265a36ee48381f2c46f50459a8a1576ac6dc01475'
>>> hashlib.sha256(secret).hexdigest()