All Challenges

367 published challenges (in level I, II, III and X), sorted by:
Show challenges:

Description
Ready for the third Elliptic Boogaloo? In this challenge, we dance on elliptical curves and try to forge digital signatures. But some hints went missing. However, a nasty encryption algorithm prevents us from putting the necessary pieces of the puzzle together. Can you still manage to forge a signature?

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Ready for the second Elliptic Boogaloo? In this challenge, we dance on elliptical curves and try to forge digital signatures. But some hints went missing. Can you still forge a signature?

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Ready for the Elliptic Boogaloo? In this challenge, we dance on elliptic curves and try to forge digital signatures.

Solve this challenge
2 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This challenge is a puzzle about a mysterious ciphertext, which is also protected by a clever disguise. Can you crack it?

Solve this challenge
20 users have already solved this challenge, 36 are working on it.
You need to be logged in to solve this challenge.

Description
An English plaintext of length 4272 was encrypted with the Hutton cipher, a pen-and-paper cipher from 2018. The length of the two passwords is also known. Can you successfully perform a ciphertext-only attack?

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Unlock the secrets of the Hutton cipher, a pen-and-paper cipher from 2018. Can you crack the ciphertext?

Solve this challenge
4 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Unlock the secrets of the Hutton cipher, a pen-and-paper cipher from 2018. Can you crack the ciphertext?

Solve this challenge
4 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Unlock the secrets of the Hutton cipher, a pen-and-paper cipher that has baffled cryptographers since 2018. Can you reconstruct the keywords used?

Solve this challenge
19 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Unlock the secrets of the Hutton cipher, a pen-and-paper cipher that has baffled cryptographers since 2018. Can you crack the ciphertext?

Solve this challenge
19 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
The Josse cipher is a polyalphabetic cipher from the time of the Franco-Prussian War. Its description was lost. It was only rediscovered and published in 2020. In these challenges you are to decipher several, increasingly shorter ciphertexts.

Solve this challenge
13 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Josse cipher is a polyalphabetic cipher from the time of the Franco-Prussian War. Its description was lost. It was only rediscovered and published in 2020. In these challenges you are to decipher several, increasingly shorter ciphertexts.

Solve this challenge
15 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Josse cipher is a polyalphabetic cipher from the time of the Franco-Prussian War. Its description was lost. It was only rediscovered and published in 2020. In these challenges you are to decipher several, increasingly shorter ciphertexts.

Solve this challenge
15 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the fourteenth challenge in a series of 16 level-3 challenges with the SZ42. In this "Breaking" challenge you are only provided with one ciphertext. Can you find the MU-, CHI-, and PSI wheel patterns and decrypt the ciphertext?

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Syllabary cipher seems to be just another substitution cipher. This time, the table got mixed up. Is a solution even possible? Find it out!

Solve this challenge
13 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Syllabary cipher seems to be just another substitution cipher, but is it? Find out and solve its mystery! All keys went missing...

Solve this challenge
13 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Syllabary cipher seems to be just another substitution cipher, but is it? Find out and solve its mystery! But this time, the table is weird...

Solve this challenge
19 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Syllabary cipher seems to be just another substitution cipher, but is it? Find out and solve its mystery! A key got missing...

Solve this challenge
25 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
The Syllabary cipher seems to be just another substitution cipher, but is it? Find out and solve its mystery!

Solve this challenge
222 users have already solved this challenge, 34 are working on it.
You need to be logged in to solve this challenge.

Description
The legendary Merkle-Hellman Knapsack cryptosystem can also be used for public-key encryption. Is the cryptosystem secure or can you crack the ciphertext?

Solve this challenge
16 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
The legendary Merkle-Hellman Knapsack cryptosystem is not suitable for hiking, but it is considered a pioneer of asymmetric cryptography. Can you crack the ciphertext?

Solve this challenge
68 users have already solved this challenge, 11 are working on it.
You need to be logged in to solve this challenge.

Description
The historical Hill cipher uses matrix-vector multiplications to encrypt blocks of letters. Can you find the inverse matrix and recover the plaintext?

Solve this challenge
12 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
A more difficult and even more interesting sequel to the "Alberti Challenge - Part 1". Will you manage to crack this puzzle this time as well?

Solve this challenge
10 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge is about one of the oldest polyalphabetic ciphers. Can you crack this centuries-old puzzle?

Solve this challenge
137 users have already solved this challenge, 20 are working on it.
You need to be logged in to solve this challenge.

Description
This cipher is a new take on the well-known Vigenère cipher. It has been designed to fix its "brother's" weaknesses. Can you find another weakness?

Solve this challenge
11 users have already solved this challenge, 8 are working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the last challenge in a series of 13 level-2 challenges with the SZ42. In this "key breaking" challenge you are provided with one ciphertext and parts of the corresponding plaintext. Can you find the MU wheel patterns and decrypt the ciphertext?

Solve this challenge
8 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the twelfth challenge in a series of 13 level-2 challenges with the SZ42. In this "key breaking" challenge you are provided with one ciphertext and parts of the corresponding plaintext. Can you find the PSI wheel patterns and decrypt the ciphertext?

Solve this challenge
9 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The SIGABA CSP-2900 was a highly secure encryption machine used by the US for strategic communication in WWII. In this series of challenges, you are provided with a ciphertext and a partially-known plaintext, here with the length of 200 and 100 characters.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA CSP-2900 was a highly secure encryption machine used by the US for strategic communication in WWII. In this series of challenges, you are provided with a ciphertext and a partially-known plaintext, here with the length of 270 and 120 characters.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA CSP-2900 was a highly secure encryption machine used by the US for strategic communication in WWII. In this series of challenges, you are provided with a ciphertext and a partially-known plaintext, here with the length of 320 and 120 characters.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA CSP-889 was a highly secure encryption machine used by the US for strategic communication in WWII. In this series of challenges, you are provided with a ciphertext and a partially-known plaintext, here with the length of 200 and 100 characters.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA CSP-889 was a highly secure encryption machine used by the US for strategic communication in WWII. In this series of challenges, you are provided with a ciphertext and a partially-known plaintext, here with the length of 270 and 120 characters.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA CSP-889 was a highly secure encryption machine used by the US for strategic communication in WWII. In this series of challenges, you are provided with a ciphertext and a partially-known plaintext, here with the length of 320 and 120 characters. Update June 2021: We replaced the used key (and this changed the ciphertext) since a part of the previous used key was leaked in the newest SIGABA template of CrypTool 2.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Wheatstone Cryptograph is a simple device that resembles a clock with two hands. For each hand there is a ring of symbols. In this challenge the key is a random permutation of the english alphabet. Are you able to decrypt the given ciphertext?

Solve this challenge
15 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Wheatstone Cryptograph is a simple device that resembles a clock with two hands. For each hand there is a ring of symbols. Are you able to decrypt the given ciphertext?

Solve this challenge
105 users have already solved this challenge, 8 are working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the eleventh challenge in a series of 13 level-2 challenges with the SZ42. In this "key breaking" challenge you are provided with one ciphertext and the corresponding plaintext. Can you find the wheel patterns?

Solve this challenge
4 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the tenth challenge in a series of 13 level-2 challenges with the SZ42. In this "key breaking" challenge you are provided with one ciphertext and the corresponding plaintext. Can you find the wheel patterns? Update January 2021: The starting positions for the CHI wheels were added.

Solve this challenge
5 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This series deals with a grid — a basic tool cryptographers use to separate sequences of data into columns and rows. In this challenge you are given three grids where the first grid gives you hints to reveal the plaintext of the second grid. Are you able to find the right route?

Solve this challenge
33 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
This series deals with a grid — a basic tool cryptographers use to separate sequences of data into columns and rows. In this challenge you are given four grids where the first grid gives you hints to reveal the plaintext of the second grid. Are you able to find the right route?

Solve this challenge
35 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the ninth challenge in a series of 13 level-2 challenges with the SZ42. In this "setting" challenge you are provided with only one ciphertext; the patterns for all the wheels are known as well as the starting positions for the CHI wheels. Can you find the starting positions for both the MU and PSI wheels and decrypt the ciphertext?

Solve this challenge
13 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the eighth challenge in a series of 13 level-2 challenges with the SZ42. In this "setting" challenge you are provided with only one ciphertext; the patterns for all the wheels are known as well as the starting positions for the CHI and PSI wheels. Can you find the starting positions for the MU wheels and decrypt the ciphertext?

Solve this challenge
14 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This series deals with a grid — a basic tool cryptographers use to separate sequences of data into columns and rows. In this challenge you are given two grids where the first grid gives you hints to reveal the plaintext of the second grid. Are you able to find the right route?

Solve this challenge
94 users have already solved this challenge, 20 are working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the seventh challenge in a series of 13 level-2 challenges with the SZ42. In this "setting" challenge you are provided with only one ciphertext; the patterns for all the wheels are known as well as the starting positions for the CHI and MU wheels. Can you find the starting positions for the PSI wheels and decrypt the ciphertext?

Solve this challenge
13 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the sixth challenge in a series of 13 level-2 challenges with the SZ42. In this "setting" challenge you are provided with only one ciphertext and the patterns for all five CHI wheels are known. Can you find the starting positions for the five CHI wheels?

Solve this challenge
14 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the fifth challenge in a series of 13 level-2 challenges with the SZ42. In this "setting" challenge you are provided with only one ciphertext and the patterns for CHI1 and CHI2 wheels are known. Can you find the starting positions for CHI1 and CHI2?

Solve this challenge
16 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the fourth challenge in a series of 13 level-2 challenges with the SZ42. In this "setting" challenge you are provided with only one ciphertext and the patterns for CHI1 and CHI2 wheels are known. Can you find the starting positions for CHI1 and CHI2?

Solve this challenge
16 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the third challenge in a series of 13 level-2 challenges with the SZ42. Here, you are provided with 2 in-depth ciphertexts and a limitation is used. Can you recover the plaintexts?

Solve this challenge
16 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the second challenge in a series of 13 level-2 challenges with the SZ42. Here, you are provided with 4 in-depth ciphertexts and a limitation is used. Can you recover the plaintexts?

Solve this challenge
18 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the first challenge in a series of 13 Level-2 challenges with the SZ42. Here, you are provided with 8 in-depth ciphertexts. Can you recover the plaintexts?

Solve this challenge
19 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This is part 3 of the challenge series about lattice-based cryptography schemes. This challenge introduces an encryption scheme which uses systems of linear equations. Can you decrypt a message without knowing the key?

Solve this challenge
37 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Lattice-based cryptography schemes are relevant for current post-quantum cryptography research. This challenge series accompanies the basic theory from a chapter of the CrypTool Book called "LIGHTWEIGHT INTRODUCTION TO LATTICES". This part of the challenge series uses vectors to hide a famous quote in modern art. Can you reveal it?

Solve this challenge
44 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
Lattice-based cryptography schemes are relevant for current post-quantum cryptography research. This challenge series accompanies the basic theory from a chapter of the CrypTool Book called "LIGHTWEIGHT INTRODUCTION TO LATTICES". In this part of the challenge series we introduce systems of linear equations to find a hidden message in a picture.

Solve this challenge
61 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from a T52E ciphertext and a crib. The key is partially known.

Solve this challenge
3 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from a T52D ciphertext and a crib. The key is unknown.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from a T52AB ciphertext and a crib. The key is unknown.

Solve this challenge
7 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from a T52D ciphertext and a crib. The key is partially known.

Solve this challenge
5 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from T52D ciphertexts "in-depth". You are also provided with cribs for each message. The key is unknown.

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from T52E ciphertexts "in-depth". You are also provided with cribs for each message. The key is partially known.

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This part of the challenge series introduces polyhomophonic substitution. In a polyhomophonic substitution cipher, each ciphertext symbol can represent one of several plaintext symbols, and each plaintext letter can be encrypted as one of several ciphertext letters. The key is a mapping from the set of plaintext symbols to the set of ciphertext symbols.

Solve this challenge
18 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in the first five parts of this series of challenges, you are provided with a partial known-plaintext. However, in this part you get no information about the key.

Solve this challenge
1 user has already solved this challenge.
You need to be logged in to solve this challenge.

Description
This part of the challenge series is a warm-up with polyphonic substitution. In a polyphonic substitution cipher, more than one plaintext letter are encrypted to the same ciphertext symbol. The key is a mapping from the set of plaintext symbols to the set of ciphertext symbols.

Solve this challenge
29 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in the first four parts of this series of challenges, you are provided with a partial known-plaintext, and some information about the key settings. However, in this part you get even less information about the key.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This part of the challenge series is a warm-up with homophonic substitution. In a homophonic substitution cipher, there are more than one ciphertext symbol for each plaintext symbol. The key is a mapping.

Solve this challenge
56 users have already solved this challenge, 7 are working on it.
You need to be logged in to solve this challenge.

Description
The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in the first three parts of this series of challenges, you are provided with a partial known-plaintext, and some information about the key settings. However, in this part you get even less information about the key.

Solve this challenge
5 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in part 1 and part 2 of this series of challenges, you are provided with a partial known-plaintext, and some information about the key settings. However, in this part you get even less information about the key.

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in part 1 of this series of challenges, you are provided with a partial known-plaintext, and some information about the key settings. However, in this part you get less information about the key.

Solve this challenge
9 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. It is believed that the German codebreakers were unable to make any inroads against SIGABA. In this part of the series of challenges, you are provided with a partial known-plaintext, and some information about the key settings.

Solve this challenge
10 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
LoRa calculates the ciphertext by using a logic expression as key. The ciphertext unusually contains large bitstreams too. Could you find the logic expression from a given ciphertext?

Solve this challenge
28 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge series introduces in detail the handling of the differential cryptanalysis (DCA). In the first two challenges you have to decrypt encrypted images and enter the code shown in the images. The second challenge requires filtering.

Solve this challenge
5 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This is part two of the two polyphonic cipher challenges, where again two or more plaintext letters correspond to one cipher symbol. Can you solve such a cipher?

Solve this challenge
23 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge series introduces in detail the handling of the differential cryptanalysis (DCA). In the first two challenges you have to decrypt encrypted images and enter the code shown in the images. The first challenge needs no filtering, as only valid plaintext-ciphertext pairs are delivered.

Solve this challenge
5 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
In a polyphonic cipher, two or more plaintext letters correspond to one ciphertext symbol.

Solve this challenge
25 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Determine which type of classic cipher was used to generate each of 500 ciphertext messages. The ciphers used in this challenge are simple substitution, columnar transposition, Vigenère, Playfair, and Hill.

Solve this challenge
18 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from one T52C ciphertext. The key is unknown.

Solve this challenge
3 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from one T52AB ciphertext. The key is unknown.

Solve this challenge
3 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover the plaintexts from T52D ciphertexts "in-depth". The key is unknown.

Solve this challenge
2 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Like the MONOALPHABETIC SUBSTITUTION WITH CAMOUFLAGE series of challenges, this two-part challenge considers a modification of the classic simple substitution cipher achieved by randomly introducing decoy characters into the ciphertext in encryption which are then ignored in decryption. In part 2, the plaintext is first divided into two parts, then each part will be encrypted separately.

Solve this challenge
21 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Like the MONOALPHABETIC SUBSTITUTION WITH CAMOUFLAGE series of challenges, this two-part challenge considers a modification of the classic simple substitution cipher achieved by randomly introducing decoy characters into the ciphertext in encryption which are then ignored in decryption. In part 1, the cipher uses a key which devides the ciphertext alphabet into signal characters and noise characters.

Solve this challenge
22 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext from a T52ca ciphertext. The key is partially known. You are also provided with a crib.

Solve this challenge
9 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext from a T52c ciphertext. The key is partially known. You are also provided with a crib.

Solve this challenge
9 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext from six "in-depth" ciphertexts built with T52ca. You are also provided with cribs for each message.

Solve this challenge
8 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext from six "in-depth" ciphertexts built with T52a/b. You are also provided with cribs for each message.

Solve this challenge
8 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext from six "in-depth" ciphertexts built with T52c. The key is partially known. You are also provided with cribs for each message.

Solve this challenge
10 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext from ten "in-depth" ciphertexts built with T52ca. The key is partially known.

Solve this challenge
7 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext from ten "in-depth" ciphertexts built with T52c. The key is partially known.

Solve this challenge
7 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext from ten "in-depth" ciphertexts built with T52ab. The key is partially known.

Solve this challenge
7 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext only from a T52ab ciphertext. The key is partially known.

Solve this challenge
13 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext only from a T52d ciphertext. The key is partially known.

Solve this challenge
15 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext only from a T52c ciphertext. The key is partially known.

Solve this challenge
19 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of challenges with T52. In this challenge, you need to recover the plaintext only from a T52ab ciphertext. The key is partially known.

Solve this challenge
20 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Vatican owns some encrypted manuscripts waiting for decryption. Can you find the solution for an archive manuscript from 1539-1548?

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Vatican owns some encrypted manuscripts waiting for decryption. Can you find the solution for an archive manuscript from 1535/1536?

Solve this challenge
1 user has already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Vatican owns some encrypted manuscripts waiting for decryption. Can you find the solution for a message from 1721?

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Handycipher is a low-tech stream cipher, simple enough to permit pen-and-paper encrypting and decrypting of messages, while providing a significantly high level of security. Handycipher was first published in 2014 and further improved in 2015 and 2016. Part 10 of the Handycipher series presents the same challenge as Part 9 but with a different key choice. It is a ciphertext-only challenge.

Solve this challenge
1 user has already solved this challenge.
You need to be logged in to solve this challenge.

Description
Part 2 of the series "Handycipher made in love" is almost identical to Part 1 except that the solution you are asked for is the correct key that Alice used to produce the ciphertext rather than the short message embedded in the plaintext.

Solve this challenge
22 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Homophonic encryption is a modified version of the monoalphabetic substitution: One plaintext symbol can be substituted by more than one ciphertext symbol. In part 4 of this series we consider a distribution of the homophones based on English language statistics like in part 2, but the alphabet doesn't contain the blank. This is a ciphertext-only challenge. Try to crack the ciphertext and extract a specific word from the plaintext.

Solve this challenge
37 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Homophonic encryption is a modified version of the monoalphabetic substitution: One plaintext symbol can be substituted by more than one ciphertext symbol. In part 3 of this series every plaintext symbol has the same number of possible substitutions like in part 1, but the alphabet doesn't contain the blank. This is a ciphertext-only challenge. Try to crack the ciphertext and extract a specific word from the plaintext.

Solve this challenge
37 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Homophonic encryption is a modified version of the monoalphabetic substitution: One plaintext symbol can be substituted by more than one ciphertext symbol. In part 2 of this series we consider a distribution of the homophones based on English language statistics. This is a ciphertext-only challenge. Try to crack the ciphertext and extract a specific word from the plaintext.

Solve this challenge
39 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Homophonic encryption is a modified version of the monoalphabetic substitution: One plaintext symbol can be substituted by more than one ciphertext symbol. In part 1 of this series every plaintext symbol has the same number of possible substitutions. This is a ciphertext-only challenge. Try to crack the ciphertext and extract a specific word from the plaintext.

Solve this challenge
44 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Strange things happen when you're in love. This challenge is about how the plaintext can be revealed when Handycipher is used in a wrong way.

Solve this challenge
28 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
What would Nostradamus do to make a mono-alphabetic substitution harder to break?

Solve this challenge
38 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
Solving this challenge is not as hard as finding the needle in a haystack, isn't it?

Solve this challenge
212 users have already solved this challenge, 39 are working on it.
You need to be logged in to solve this challenge.

Description
Once upon a time, there was a three-part challenge which was inspired by Kryptos and is based on a fairy tale. Can you solve this mysterious challenge?

Solve this challenge
0 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
Once upon a time, there was a three-part challenge which was inspired by Kryptos and is based on a fairy tale. Can you solve this mysterious challenge?

Solve this challenge
2 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Once upon a time, there was a three-part challenge which was inspired by Kryptos and is based on a fairy tale. Can you solve this mysterious challenge?

Solve this challenge
9 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
On November 3rd, 1509, Catherine of Aragon wrote an encrypted letter to her father. What did she tell him?

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Three messages were delivered — two encrypted, one in clear. Can you solve the puzzle?

Solve this challenge
33 users have already solved this challenge, 42 are working on it.
You need to be logged in to solve this challenge.

Description
You are given a part of a keystream, which was produced by a filter generator. Can you find the missing keystream bytes?

Solve this challenge
20 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The autokey cipher uses only a short keyword and the plaintext to encrypt messages. Are you able to break the given ciphertext?

Solve this challenge
193 users have already solved this challenge, 14 are working on it.
You need to be logged in to solve this challenge.

Description
What do you know about modular sequences? Work it out.

Solve this challenge
83 users have already solved this challenge, 38 are working on it.
You need to be logged in to solve this challenge.

Description
Sniffing on the WiFi, you notice an ElGamal encrypted message. Are you able to compute it?

Solve this challenge
37 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
Buying a train ticket via credit card should not be a problem — actually. Can you solve the subset-sum problem to get your train?

Solve this challenge
40 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
During your summer job in an Austrian weekly magazine a mysterious letter arrives. Are you able to decrypt the message?

Solve this challenge
59 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
The challenges for the weakened ElsieFour serve as an exercise and use an intentionally weakened version of LC4. ElsieFour combines ideas of modern RC4 stream cipher, historical Playfair cipher and plaintext-dependent keystreams. It can be computed manually. Part 2 is a partly-known key challenge which provides 12 consecutive characters of the key.

Solve this challenge
1 user has already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
The challenges for the weakened ElsieFour serve as an exercise and use an intentionally weakened version of LC4. ElsieFour combines ideas of modern RC4 stream cipher, historical Playfair cipher and plaintext-dependent keystreams. It can be computed manually. Part 1 is a partly-known key challenge which provides the first 12 characters of the key.

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
How many experience points does Thomas need to reach the 200th level of his new computer game?

Solve this challenge
124 users have already solved this challenge, 20 are working on it.
You need to be logged in to solve this challenge.

Description
The Secret Archives of the Vatican keep a large collection of ciphertexts from papal correspondence. The keys of these manuscripts have been destroyed, or are kept elsewhere and been forgotten. Can you find out how to decipher the letter from March 14, 1625?

Solve this challenge
3 users have already solved this challenge.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on June 20, 2018, 12:26 a.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
The Main Library of the Vatican owns some encrypted manuscripts, waiting for decryption. Can you find the solution to the letter from 1628?

Solve this challenge
3 users have already solved this challenge.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on June 20, 2018, 12:25 a.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
The hero of the book has to decode a manuscript — seven lines of it are here for you. These lines were encoded with a mixture of classic methods — anagrams, two position-dependent monoalphabetic substitutions and Atbash. Can you help him?

Solve this challenge
62 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
What do you do, if your father and your stepmother decide to communicate only encrypted? You tape-record the messages. But what do the two of them really talk about?

Solve this challenge
48 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
Decrypting a Christmas carol to help children in need? It's not that easy, if you don't know much about cryptography. Can you help Jacob and the children?

Solve this challenge
45 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Do you believe that AES is easy to break because of a wrong encoding? Try it yourself...

Solve this challenge
29 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
Mike would like to belong to the cryptographers. Can you help him to find out their meeting point at the Christmas market?

Solve this challenge
57 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
Little Anna has forgotten how to decrypt her ciphertext. Can you come up to her pre-Christmas wish?

Solve this challenge
508 users have already solved this challenge, 26 are working on it.
You need to be logged in to solve this challenge.

Description
Are you able to crack the password of Radomil and find the missing 5 digits?

Solve this challenge
124 users have already solved this challenge, 68 are working on it.
You need to be logged in to solve this challenge.

Description
Hilly is an improved version of Hill cipher. This challenge consists of the decryption of a ciphertext by means of a partly-known key.

Solve this challenge
1 user has already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The challenges for the weakened ElsieFour serve as an exercise and use an intentionally weakened version of LC4. ElsieFour combines ideas of modern RC4 stream cipher, historical Playfair cipher and plaintext-dependent keystreams. It can be computed manually. Part 3 is a partly-known-plaintext challenge which provides 2 messages that were encrypted with the same key.

Solve this challenge
4 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
ElsieFour combines ideas of modern RC4 stream cipher, historical Playfair cipher and plaintext-dependent keystreams. It can be computed manually. Part 1 is a partly-known-plaintext challenge which provides 2 messages that were encrypted with the same key.

Solve this challenge
4 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
From a honeypot you get a set of encrypted files and the according plaintext files. Could you discover the used key, to help victims of the ransom ware?

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Holographic encryption can be performed by employing encryption masks which alter the field before propagation. This makes the image unrecognizable when recorded. You are given three holograms that represent the cipher image and three plain images and their holograms which were encrypted with the same encryption masks.

Solve this challenge
3 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Holographic encryption can be performed by employing encryption masks which alter the field before propagation. This makes the image unrecognizable when recorded. You are given three holograms that represent the cipher image and two corrupted encryption masks.

Solve this challenge
7 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Hilly is an improved version of the Hill cipher. This challenge consists of the decryption of a ciphertext by means of a given plaintext-ciphertext pair.

Solve this challenge
9 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 9 is the same as Part 6, but uses an improved version of the cipher. It is a ciphertext-only challenge.

Solve this challenge
3 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 8 is the same as Part 5, but uses an improved version of the cipher. You are given the ciphertext and 229 letters occuring at an unknown location in the plaintext.

Solve this challenge
3 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 7 is the same as Part 4, but uses an improved version of the cipher. You are given the ciphertext and the first 229 letters of the plaintext.

Solve this challenge
2 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This series consists of 5 challenges based on each other. It introduces a new three-step cipher called ASAC, which is a modified version of ADFGVX. Part 5 is a "bonus" and just modifies the second challenge of this series by improving the second step of the cipher.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This series consists of 5 challenges based on each other. It introduces a new three-step cipher called ASAC, which is a modified version of ADFGVX. Part 4 uses the complete cipher and is the main challenge of this series.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This series consists of 5 challenges based on each other. It introduces a new three-step cipher called ASAC, which is a modified version of ADFGVX. Part 3 involves the complete cipher but weakens the third step by using a single-column transposition instead of a double column transposition.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This series consists of 5 challenges based on each other. It introduces a new three-step cipher called ASAC, which is a modified version of ADFGVX. Part 2 uses only the first two steps of the cipher.

Solve this challenge
1 user has already solved this challenge.
You need to be logged in to solve this challenge.

Description
This series consists of 5 challenges based on each other. It introduces a new three-step cipher called ASAC, which is a modified version of ADFGVX. Part 1 is meant as an introduction and uses only the first step of ASAC.

Solve this challenge
19 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The Weakened Handycipher challenges serve as an exercise and use an intentionally weakened version of Handycipher. Part 6 is the same as Part 3, but uses an improved version of the cipher. It is ciphertext-only.

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Weakened Handycipher challenges serve as an exercise and use an intentionally weakened version of Handycipher. Part 5 is the same as Part 2, but uses an improved version of the cipher. It is ciphertext-only, but you are given some partial information about the key.

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Weakened Handycipher challenges serve as an exercise and use an intentionally weakened version of Handycipher. Part 4 is the same as Part 1, but uses an improved version of the cipher. You are given the first 1,009 characters of the plaintext, and some partial information about the key.

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Extended Handycipher is an enhancement of Handycipher. Part 6 is the same as Part 3, but uses an improved version of the cipher. You are given two encryptions of the plaintext generated with the same key. It is ciphertext-only.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Extended Handycipher is an enhancement of Handycipher. Part 5 is the same as Part 2, but uses an improved version of the cipher. You are given two encryptions of the plaintext generated with the same key, and 229 characters occuring at an unknown location in the plaintext.

Solve this challenge
3 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Extended Handycipher is an enhancement of Handycipher. Part 4 is the same as Part 1, but uses an improved version of the cipher. You are given three encryptions of the plaintext generated with the same key, and the first 229 characters of the plaintext.

Solve this challenge
3 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 6 is the same as Part 3, but uses an improved version of the cipher. It is a ciphertext-only challenge.

Solve this challenge
5 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 5 is the same as Part 2, but uses an improved version of the cipher. You are given the ciphertext and 229 letters occuring at an unknown location in the plaintext.

Solve this challenge
5 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 4 is the same as Part 1, but uses an improved version of the cipher. You are given the ciphertext and the first 229 letters of the plaintext.

Solve this challenge
4 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This series consists of five parts which are based on each other and that will be getting more and more complicated with each part. This is the last part and teaches us something about the weaknesses of this method by improving it a little bit in some points.

Solve this challenge
16 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This series consists of five parts which are based on each other and that will be getting more and more complicated with each part. This part is the actual challenge and tells you the New Year's greeting of the author.

Solve this challenge
44 users have already solved this challenge, 13 are working on it.
You need to be logged in to solve this challenge.

Description
This series consists of five parts which are based on each other and that will be getting more and more complicated with each part. Part 4 contains a little New Year's greeting of the author and part 5 teaches us something about the weaknesses of this method. Part 3 adds another modification.

Solve this challenge
47 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
This series consists of five parts which are based on each other and that will be getting more and more complicated with each part. Part 4 contains a little New Year's greeting of the author and part 5 teaches us something about the weaknesses of this method. Part 2 modifies the encryption of part 1 a little bit.

Solve this challenge
49 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
This series consists of five parts which are based on each other and that will be getting more and more complicated with each part. Part 4 contains a little New Year's greeting of the author and part 5 teaches us something about the weaknesses of this method. Part 1 is the easiest part of this series.

Solve this challenge
54 users have already solved this challenge, 19 are working on it.
You need to be logged in to solve this challenge.

Description
Both images in this challenge seem to contain no information at all. Or do they trick us? Find the secret message.

Solve this challenge
169 users have already solved this challenge, 25 are working on it.
You need to be logged in to solve this challenge.

Description
The story of the simple bookseller Paul from Eisleben and his beloved from the near Castle Mansfeld will be continued: A second postcard has been found. Can you decipher the encrypted message?

Solve this challenge
60 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The challenges for the simplified GRANIT cipher, a method that can be done manually, serve as an exercise and use an intentionally simplified version of GRANIT. Part 3 is a ciphertext-only challenge for which the second permutation key is known.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The challenges for the simplified GRANIT cipher, a method that can be done manually, serve as an exercise and use an intentionally simplified version of GRANIT. Part 2 is a ciphertext-only challenge for which the first permutation key is known.

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The challenges for the simplified GRANIT cipher, a method that can be done manually, serve as an exercise and use an intentionally simplified version of GRANIT. Part 1 is a ciphertext-only challenge for which both permutation keys are known.

Solve this challenge
52 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
How are the numbers interconnected? Can you find the three missing numbers?

Solve this challenge
415 users have already solved this challenge, 32 are working on it.
You need to be logged in to solve this challenge.

Description
Spirale is a OTP cipher designed to be simply performed by hand. Part 4 is a ciphertext-only challenge with a 485-letter ciphertext. Unlike the other three parts of this series, this one uses four new random keys.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Spirale is a OTP cipher designed to be simply performed by hand. Part 3 is a ciphertext-only challenge with a 949-letter ciphertext. In this part, two of the four keys are equal to the keys of the first two parts.

Solve this challenge
6 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Spirale is a OTP cipher designed to be simply performed by hand. Part 2 is a ciphertext-only challenge with a 659-letter ciphertext. This part uses the same four keys for encryption as part 1 does.

Solve this challenge
8 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Spirale is a OTP cipher designed to be simple to implement by hand. It is resilient to errors as they have only a local effect without obscuring all the ciphertext. Part 1 is a partly-known plaintext challenge with a 314-letter ciphertext. The first 75 letters of the plaintext are known. Part 2 of this series uses the same four keys as this one.

Solve this challenge
8 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
During the cold war the foreign intelligence agency of Germany established so-called stay-behind units. Their radio messages were encrypted by a OTP method, but the keys were used multiple times. This challenge is about the effect of this multiple usage on the security of the method. You are given 5 messages, all encrypted with the same key.

Solve this challenge
20 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge series is about the GRANIT cipher, a method that can be done manually. It has been used for instance by the former GDR spy Günter Guillaume till about 1960. Part 1, 2 and 3 of this series use the same keyword for generating the key matrix, but different permutation keys. This part has a ciphertext-only challenge and the ciphertext has 80 characters.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge series is about the GRANIT cipher, a method that can be done manually. It has been used for instance by the former GDR spy Günter Guillaume till about 1960. Part 1, 2 and 3 of this series use the same keyword for generating the key matrix, but different permutation keys. This part has a ciphertext-only challenge and the ciphertext has 110 characters.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge series is about the GRANIT cipher, a method that can be done manually. It has been used for instance by the former GDR spy Günter Guillaume till about 1960. Part 1, 2 and 3 of this series use the same keyword for generating the key matrix, but different permutation keys. In this part a codebook is used additionally, and the given ciphertext has 70 characters.

Solve this challenge
0 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
The challenges for the weakened Handycipher serve as an exercise and use an intentionally weakened version of Handycipher. Part 3 is a ciphertext-only challenge. Handycipher is a newly designed cipher to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security.

Solve this challenge
15 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The challenges for the weakened Handycipher serve as an exercise and use an intentionally weakened version of Handycipher. Part 2 is a ciphertext-only challenge with a helping additional information. Handycipher is a newly designed cipher to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security.

Solve this challenge
15 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The challenges for the weakened Handycipher serve as an exercise and use an intentionally weakened version of Handycipher. Part 1 is a partially-known-plaintext challenge with a helping additional information. Handycipher is a newly designed cipher to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security.

Solve this challenge
17 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
A friend of yours has given you the following text which contains only X and Y characters. He claims that this text contains a codeword. Can you find it?

Solve this challenge
117 users have already solved this challenge, 52 are working on it.
You need to be logged in to solve this challenge.

Description
Extended Handycipher is an enhancement of the newly designed cipher Handycipher, which permits pen-and-paper encrypting and decrypting, while providing a significantly high level of security. You got only two different ciphertexts of the 996-character plaintext.

Solve this challenge
3 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Extended Handycipher is an enhancement of the newly designed cipher Handycipher, which permits pen-and-paper encrypting and decrypting, while providing a significantly high level of security. From the 905-character plaintext 229 characters somewhere in it are known.

Solve this challenge
3 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Extended Handycipher is an enhancement of the newly designed cipher Handycipher, which permits pen-and-paper encrypting and decrypting, while providing a significantly high level of security. From the 815-character plaintext the first 229 characters are known.

Solve this challenge
3 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
How are the numbers linked? Can you find the two missing numbers?

Solve this challenge
100 users have already solved this challenge, 39 are working on it.
You need to be logged in to solve this challenge.

Description
How are the numbers linked? Can you find the two missing numbers?

Solve this challenge
168 users have already solved this challenge, 21 are working on it.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly designed cipher to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. You got only the ciphertext of the 993-character plaintext.

Solve this challenge
7 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly designed cipher to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. From the 1142-character plaintext 229 characters somewhere in it are known.

Solve this challenge
8 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Handycipher is a newly designed cipher to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. From the 858-character plaintext the first 229 characters are known.

Solve this challenge
6 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
This is part 4 in a series about the M-138. Part 4 is a ciphertext-only challenge (75 letters).

Solve this challenge
31 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This is part 3 in a series about the M-138. Part 3 is a ciphertext-only challenge (125 letters).

Solve this challenge
65 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
This is part 2 in a series about the M-138. Part 2 is a partly-known plaintext challenge (48/100).

Solve this challenge
140 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
This is the beginner's challenge in a series about M-138, a manual cipher of the US army which has been relatively save at the beginning of world war 2nd. Part 1 of the series is a ciphertext-only challenge whose key is largely known.

Solve this challenge
230 users have already solved this challenge, 17 are working on it.
You need to be logged in to solve this challenge.

Description
You can find a short encrypted note at the end of the novel "Die achte Offenbarung" by Karl Olsberg. Decrypt the secret message!

Solve this challenge
103 users have already solved this challenge, 22 are working on it.
You need to be logged in to solve this challenge.

Description
This challenge is based on the Heartbleed Bug in OpenSSL discovered in April 2014. Attack a server which is specifically prepared to be vulnerable to the Heartbleed bug. Please note that it is necessary to solve Part 1 and 2 at first. !!! We had to take off this challenge, as our firewall doesn't allow flawed servers any more -- even if this flaw was offered by will for training and within a sandbox. !!!

Solve this challenge
33 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on May 17, 2022, 6:32 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
This challenge is based on the Heartbleed bug in OpenSSL discovered in April 2014. Attack a server which is specifically prepared to be vulnerable to the Heartbleed bug. Please note that it is necessary to solve Part 1 first. !!! We had to take off this challenge, as our firewall doesn't allow flawed servers any more -- even if this flaw was offered by will for training and within a sandbox. !!!

Solve this challenge
60 users have already solved this challenge, 12 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on May 17, 2022, 6:32 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
This challenge is based on the Heartbleed Bug in OpenSSL discovered in April 2014. Attack a server provided by the group for Privacy and Compliance with the Research Institute Cyber Defence (CODE) at Bundeswehr University Munich, which is specifically prepared to be vulnerable to the Heartbleed bug. !!! We had to take off this challenge, as our firewall doesn't allow flawed servers any more -- even if this flaw was offered by will for training and within a sandbox. !!!

Solve this challenge
90 users have already solved this challenge, 21 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on May 17, 2022, 6:32 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
In the last part of a series of mid-level Double Column Transposition challenges, you have to find the two keys. Each of it is 19 characters long and has been derived from an English phrase.

Solve this challenge
9 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
In this part of a series of mid-level Double Column Transposition challenges, the keys that has been used for both transposition are given. Find out from which phrases they have been derived!

Solve this challenge
52 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
In this part of a series of mid-level Double Column Transposition challenges, the same key has been used for both transposition. This allows you to attack this simple, yet strong cipher.

Solve this challenge
41 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
In this part of a series of mid-level Double Column Transposition challenges, a large part of the beginning of the plaintext is known. This partial crib allows you to attack this simple, yet strong cipher.

Solve this challenge
47 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods!

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods!

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods!

Solve this challenge
12 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
In this part of a series of mid-level Double Column Transposition challenges keys shorter than 20 allow you to attack this simple, yet secure cipher.

Solve this challenge
34 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
Many telegrams that date from the Spanish Civil War (1936 - 1939) still remain undisclosed. It is assumed that these telegrams were encrypted using the Spanish Strip Cipher. Try to find the plaintext of this original telegram.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
An English telegram was encrypted using the Spanish Strip Cipher, a popular algorithm during the Spanish Civil War. It is your task to find the plaintext.

Solve this challenge
33 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
A Spanish telegram was encrypted using the Spanish Strip Cipher, a popular algorithm during the Spanish Civil War. It is your task to find the plaintext.

Solve this challenge
34 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
In this part of this series of Enigma challenges, a plaintext message consisting of three letters which are repeated several times has been encrypted by the Enigma I. What are the first three letters of the plaintext?

Solve this challenge
83 users have already solved this challenge, 10 are working on it.
You need to be logged in to solve this challenge.

Description
In this part of this series of Enigma challenges, a plaintext message consisting of three letters which are repeated several times has been encrypted by the Enigma I. What was the setting of the Enigma rotors?

Solve this challenge
80 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
In this part of this series of Enigma challenges, a plaintext message consisting of two letters which are repeated several times has been encrypted by the Enigma I. What was the setting of the Enigma rotors?

Solve this challenge
89 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
The double columnar transposition is considered to be one of the best manual encryption systems. This sequence considers vulnerabilities that have been used to solve the corresponding level X challenge. The three challenges of the sequence have an increasing difficulty. In the third part a German plaintext has been encrypted with random keys.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The double columnar transposition is considered to be one of the best manual encryption systems. This sequence considers vulnerabilities that have been used to solve the corresponding level X challenge. The three challenges of the sequence have an increasing difficulty. In the second part two interleaved English texts have been encrypted with random keys.

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The double columnar transposition is considered to be one of the best manual encryption systems. This sequence considers vulnerabilities that have been used to solve the corresponding level X challenge. The three challenges of the sequence have an increasing difficulty. In the first part an English plaintext has been encrypted with keys derived from English sentences.

Solve this challenge
0 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
In this part of this series of Enigma challenges, a plaintext message consisting of one letter which is repeated several times has been encrypted by the Enigma I. What was the setting of the Enigma rotors?

Solve this challenge
88 users have already solved this challenge, 17 are working on it.
You need to be logged in to solve this challenge.

Description
Two scatterbrained professors exchange messages that have been encrypted with the Trifid cipher. Unfortunately, one of them lost the second of three layers. Will he nevertheless be able to decrypt the message he received from his colleague?

Solve this challenge
131 users have already solved this challenge, 9 are working on it.
You need to be logged in to solve this challenge.

Description
In this part of this series of Enigma challenges, a plaintext message consisting of one letter which is repeated several times has been encrypted by the Enigma I. What is the letter we are looking for?

Solve this challenge
183 users have already solved this challenge, 34 are working on it.
You need to be logged in to solve this challenge.

Description
You find a note with strange characters and an unsolved Sudoku on your brother's desk. You are curious and would like to find out what your brother is working on. Can you decrypt the note using the Sudoku?

Solve this challenge
109 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
Sarah and Igor are exchange students. Sarah lives in Moscow while Igor is in Berlin. To keep their little secrets confidential, they encrypt their emails. Decrypt the message to find out what Sarah wrote this time.

Solve this challenge
299 users have already solved this challenge, 33 are working on it.
You need to be logged in to solve this challenge.

Description
Nils would like to go on a journey and has given you a note with information about his destination. The note is encrypted. Can you find out where he would like to go?

Solve this challenge
181 users have already solved this challenge, 17 are working on it.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 212 decimal digits.

Solve this challenge
69 users have already solved this challenge, 6 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on July 31, 2013, 4:34 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods!

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods!

Solve this challenge
31 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The seven dwarfs are missing. Snow White however finds a file, which contains useful information steganographically hidden. Help her to find the dwarfs.

Solve this challenge
302 users have already solved this challenge, 86 are working on it.
You need to be logged in to solve this challenge.

Description
A new and unknown rotor has been added to the Typex machine. Use a known-plaintext attack to determine the wiring of the new rotor.

Solve this challenge
25 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Use the hints from the first and second part of this challenge to decrypt this message that has been encrypted using an ENIGMA.

Solve this challenge
14 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
After solving the first part of this challenge, you can use the hints you found to decrypt the two ciphertexts that have been encrypted using the ADFGVX cipher.

Solve this challenge
21 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
The reserve hand procedure has been used as a replacement of the Enigma machine. Can you decrypt the given ciphertext?

Solve this challenge
198 users have already solved this challenge, 11 are working on it.
You need to be logged in to solve this challenge.

Description
The Typex cipher has been used in World War 2 as an alternative to the Enigma cipher. Find the key that was used in this challenge.

Solve this challenge
31 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
The plaintext consists of English, French, German and Italian words. Can you identify the four sentences after you have solved the monoalphabetic substitution?

Solve this challenge
82 users have already solved this challenge, 6 are working on it.
You need to be logged in to solve this challenge.

Description
Can you break this cascading encryption that consists of a combination of substitution and transposition? The solution contains important information for the next parts.

Solve this challenge
75 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
Can you find the plaintext using 26 Engima ciphertexts that have been encrypted with different rotors and different initial settings?

Solve this challenge
83 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
In this challenge, only fragments of the grid used for a Playfair encryption are given. Are you able to reconstruct the matrix and decrypt the message?

Solve this challenge
122 users have already solved this challenge, 7 are working on it.
You need to be logged in to solve this challenge.

Description
This PDF file is supposed to contain a hidden codeword. Can you find it?

Solve this challenge
868 users have already solved this challenge, 166 are working on it.
You need to be logged in to solve this challenge.

Description
This postcard from Thessaloniki was written in German in 1897. The encrypted text can either be considered as message from the sailor Fritz to his wife at home, or as a note regarding spionage activities. Can you determine the codeword that was used to request secret information?

Solve this challenge
51 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
Can you decrypt the three military messages?

Solve this challenge
71 users have already solved this challenge, 13 are working on it.
You need to be logged in to solve this challenge.

Description
Can you decrypt the last part of the letter and read the friend's advice?

Solve this challenge
721 users have already solved this challenge, 19 are working on it.
You need to be logged in to solve this challenge.

Description
Help Alice and Bob to find a treasure on the island Mallorca. For this purpose, a three-stage cipher needs to be broken.

Solve this challenge
75 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
The Beaver Code is a transposition cipher. Apart from the solution of this challenge, can you find a formula for any given ciphertext length, which generates the permutation needed to decrypt the ciphertext?

Solve this challenge
1228 users have already solved this challenge, 46 are working on it.
You need to be logged in to solve this challenge.

Description
Can you decrypt the second part of the letter to the Templars as effortlessly as the first one?

Solve this challenge
845 users have already solved this challenge, 14 are working on it.
You need to be logged in to solve this challenge.

Description
After the Order of the Templar has become very powerful, enviers try to crush it. The knights receive an encrypted letter but the key does not arrive. Does this letter contain the warning that would have saved the knights from being arrested?

Solve this challenge
1055 users have already solved this challenge, 45 are working on it.
You need to be logged in to solve this challenge.

Description
In the previous parts, you broke a monoalphabetic substitution with one camouflage alphabet. Can you find the plaintext even if nine camouflage alphabets have been used?

Solve this challenge
2 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Your friend sent you an audio file that contains only a strange melody. In the email, your friend writes that the file contains a message encoded by a variant of Morse code. Can you find out how you can hear the Morse code?

Solve this challenge
44 users have already solved this challenge, 20 are working on it.
You need to be logged in to solve this challenge.

Description
You are invited to a job interview for the job of a cryptographer. Can you pass the first selection round?

Solve this challenge
234 users have already solved this challenge, 106 are working on it.
You need to be logged in to solve this challenge.

Description
In this challenge a plaintext has been encrypted using the KeyshancRT version of Keyshanc. The plaintext is an excerpt from one of William Shakespeare's plays.

Solve this challenge
41 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
In this challenge an excerpt from a novel has been encrypted using the "Keyshanc" cipher. Keyshanc is a special kind of monoalphabetic substitution using a 95-character alphabet.

Solve this challenge
50 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
In 1586 the famous French mathematician Blaise de Vigenère published a picture of the night sky and claimed that a message was concealed in it. Can you find out how to decipher this message?

Solve this challenge
16 users have already solved this challenge.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on July 15, 2016, 12:39 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
How are the numbers linked? Can you find the three missing numbers?

Solve this challenge
108 users have already solved this challenge, 132 are working on it.
You need to be logged in to solve this challenge.

Description
Can you find the link between these numbers?

Solve this challenge
864 users have already solved this challenge, 27 are working on it.
You need to be logged in to solve this challenge.

Description
You don't speak Spanish? No Problem! Try to decrypt a ciphertext in a foreign language without knowledge of that language.

Solve this challenge
176 users have already solved this challenge, 22 are working on it.
You need to be logged in to solve this challenge.

Description
This number sequence is cyclic. Can you find out the fifth and sixth number?

Solve this challenge
1048 users have already solved this challenge, 112 are working on it.
You need to be logged in to solve this challenge.

Description
In order to decrypt the intercepted letter addressed to your neighbor, you need to find out which document has been used to encode the message with the book code.

Solve this challenge
156 users have already solved this challenge, 27 are working on it.
You need to be logged in to solve this challenge.

Description
In the fifth part the same variant of the cipher already introduced in Part 3 and 4 of this challenge has been used here, too. The only difference is that spaces were removed previously to the encryption process.

Solve this challenge
34 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Alice and Bob would like to agree upon a shared key. They use an Elliptic Curve Diffie-Hellman (ECDH) key-exchange protocol. Try to reproduce the steps that are necessary to calculate the key and to decrypt Bob's message.

Solve this challenge
102 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
With RSA keys, the private key d must remain private. If the public key e is very small, this is not completely possible. This exercise demonstrates how simple it is to compute a portion of the secret key d.

Solve this challenge
89 users have already solved this challenge, 16 are working on it.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 617 decimal digits.

Solve this challenge
0 users have already solved this challenge, 6 are working on it.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 617 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 500 decimal digits.

Solve this challenge
0 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 490 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 480 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 470 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 463 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 460 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 450 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 440 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 430 decimal digits.

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 420 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 410 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 400 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 390 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 380 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 370 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 360 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 350 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 340 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 330 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 320 decimal digits.

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 310 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 309 decimal digits.

Solve this challenge
0 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 309 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 300 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 290 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 280 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 270 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 270 decimal digits.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 260 decimal digits.

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 250 decimal digits.

Solve this challenge
27 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on Feb. 28, 2020, 4:48 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 240 decimal digits.

Solve this challenge
28 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on Dec. 2, 2019, 1:52 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 232 decimal digits.

Solve this challenge
28 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on Feb. 17, 2020, noon, and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 230 decimal digits.

Solve this challenge
40 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on Aug. 15, 2018, 12:05 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 220 decimal digits.

Solve this challenge
47 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on May 13, 2016, 10 a.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 210 decimal digits.

Solve this challenge
64 users have already solved this challenge, 8 are working on it.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on Sept. 26, 2013, 3:48 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
An AES encrypted message has been forwarded to you. Additionally, you have received the corresponding key - unfortunately not quite complete - in a form like a machine readable zone on an identity document as it is used e.g. with ePassports in Europe.

Solve this challenge
84 users have already solved this challenge, 11 are working on it.
You need to be logged in to solve this challenge.

Description
In the third part of this challenge the cipher has been used to encrypt a plaintext but the spaces have not been removed before.

Solve this challenge
98 users have already solved this challenge, 12 are working on it.
You need to be logged in to solve this challenge.

Description
Alice and Bob use the cipher as it had been described in part 3 of this challenge. Due to an error one message has been encrypted and sent twice. Does this help you to find out the shared key and enables you to decrypt a third message easily?

Solve this challenge
51 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
In this challenge a variant has been used that allows to benefit from the camouflage effect and get a ciphertext not longer than the plaintext.

Solve this challenge
50 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
In this challenge it is to test whether a monoalphabetic substitution with camouflage provides more security even though spaces were not removed prior to the encryption.

Solve this challenge
54 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
After making yourself familiar with the idea of this cipher in part 1 it is now time to attack a larger plaintext. The monoalphabetic cipher that has been applied on the plaintext before should be the least problem.

Solve this challenge
150 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
A strange effect might occur if you encrypt a message using the RSA cipher: The encrypted message has got the same value as the plaintext. Can you find all of these unconcealed messages for the given public key?

Solve this challenge
52 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
It is not difficult to break a monoalphabetic substitution but in this challenge an additional camouflage alphabet causes confusion.

Solve this challenge
66 users have already solved this challenge, 8 are working on it.
You need to be logged in to solve this challenge.

Description
With the help of 7 pairs of plaintext-ciphertext you have to find out how this factorization cipher works and then decrypt a ciphertext.

Solve this challenge
519 users have already solved this challenge, 18 are working on it.
You need to be logged in to solve this challenge.

Description
You intercepted two ENIGMA I messages. Both are dated from the same day. Use a Turing Bombe to find out the key of the day and decipher the solution.

Solve this challenge
75 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
A friend of yours sent you a file that seems to be empty. Was it just a mistake or is there a secret to reveal?

Solve this challenge
63 users have already solved this challenge, 17 are working on it.
You need to be logged in to solve this challenge.

Description
You need to reconstruct some fields of the grille to decrypt the message written on an old note.

Solve this challenge
506 users have already solved this challenge, 42 are working on it.
You need to be logged in to solve this challenge.

Description
Asterix and Obelix besiege Rome. They just happened to find an encrypted message but instead of the common Caesar Cipher the Romans used a new method. Can you decrypt the message?

Solve this challenge
119 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
In 2006 the distributed "M4 Message Breaking Project" under the lead of Stefan Krah aimed at decrypting three ENIGMA M4 messages from the time of World War II. Two of the three messages where decrypted within the first weeks. However, the third message withstood despite all efforts and remained unbroken. Today, the M4 project has been discontinued with the last message still unbroken. The task of this challenge is to break this very last message - after all, a few years have past since the project was discontinued and cryptanalysis and computational power also advanced during this time. Note: The solution was published here: http://www.enigma.hoerenberg.com/. You can't get points for solving it any more, but you can still use it as a good training experience.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Two girls want to communicate in a secret way using the „affine cipher“. Transform the encryption rule into the decryption rule and turn in the plaintext of the example.

Solve this challenge
610 users have already solved this challenge, 12 are working on it.
You need to be logged in to solve this challenge.

Description
This is already a really long number sequence. Can you find the 10001st element?

Solve this challenge
123 users have already solved this challenge, 31 are working on it.
You need to be logged in to solve this challenge.

Description
In this challenge the rotational relationship between the Pigpen symbols are used to create a new cipher. In this part the well-known key squares are used as a warm up.

Solve this challenge
158 users have already solved this challenge, 7 are working on it.
You need to be logged in to solve this challenge.

Description
A random, non-periodic key, an unknown substitution - can you find out the 12th word?

Solve this challenge
41 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
Can you break the cipher without knowing the substitution? But in return you know that a periodic rotation key has been used.

Solve this challenge
43 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
The Caesar Chiper is rather simple. But in this challenge it is used with a different alphabet and a modified way of shifting the letters.

Solve this challenge
236 users have already solved this challenge, 62 are working on it.
You need to be logged in to solve this challenge.

Description
In order to calculate the private keys of the RSA algorithm, it is necessary to factorize large numbers. How difficult is it if we replace x*y by some diophantine equation?

Solve this challenge
69 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
This challenge concerns the Discrete Logarithm Problem (DLP) in a "medium" field. For powers of very small primes and for large prime fields the function-field sieve and the number-field sieve are highly optimized; for intermediate fields algorithms with the same asymptotic behavior exist but the actual running times are slower. Are you able to solve the DLP in such a field anyway?

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
A pair of plaintext and the corresponding ciphertext encrypted with the ADFGVX cipher ist given. Can you reveal the substitution and transposition key used in this example?

Solve this challenge
127 users have already solved this challenge, 8 are working on it.
You need to be logged in to solve this challenge.

Description
A small ciphertext encrypted with the ADFGVX cipher, which has been used during World War I, is given. Are you able to reveal the plaintext message?

Solve this challenge
124 users have already solved this challenge, 18 are working on it.
You need to be logged in to solve this challenge.

Description
You found out that a message encrypted with two different public keys but same modulus yield to the same ciphertexts. Are you able to name the smallest private key to decrypt ciphertexts that were generated with this parameters?

Solve this challenge
158 users have already solved this challenge, 14 are working on it.
You need to be logged in to solve this challenge.

Description
A message was encrypted with three different moduli but the same public exponent. Fortunately, you were able to catch the three different ciphertexts. Are you able to recover the secret message?

Solve this challenge
243 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
This sequence is infinite, the first 9 numbers are given. What are the 10th and 11th number?

Solve this challenge
2164 users have already solved this challenge, 490 are working on it.
You need to be logged in to solve this challenge.

Description
Usually prefix-free codes are used for encryption because it makes the decryption process easier at the receiver's end. However, this challenge deals with a substitution cipher with non-prefix codes. This should be broken by performing a "ciphertext-only attack".

Solve this challenge
1 user has already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
A piece of music is given as mp3 file and in music notation. The notes represent a secret message, which was encrypted with two classic methods. To solve this challenge you first have to solve part 1 (which is in level 1).

Solve this challenge
42 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
A piece of music is given as mp3 file and in music notation. The notes represent a secret message, which was encrypted with two classic methods. In part 1 of this challenge you have to solve the first of these methods. Thereafter, you can set out to solve part 2 (which is in level 2).

Solve this challenge
43 users have already solved this challenge, 31 are working on it.
You need to be logged in to solve this challenge.

Description
This time your friend encrypted his plaintext within several iterations (rounds). Are you able to decrypt the ciphertext anyway?

Solve this challenge
10 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
This time your friend packed the plaintext in a ZIP archive before encrypting it. Are you able to get the archive from the given ciphertext file, and then reveal the wanted plaintext?

Solve this challenge
0 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
By the time quantum computers exist, the actual signing algorithms are not secure anymore. Then one can switch e.g. to so-called "Unbalanced Oil and Vinegar" systems. It is your challenge to break such a system, with realistic parameters, today already.

Solve this challenge
12 users have already solved this challenge, 6 are working on it.
You need to be logged in to solve this challenge.

Description
By the time quantum computers exist, the actual signing algorithms are not secure anymore. Then one can switch e.g. to so-called "Unbalanced Oil and Vinegar" systems. It is your challenge to break a simplified version of such a system today already.

Solve this challenge
101 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
An unsolved FBI case: In 1999, an encrypted message was found in the pockets of a murder victim. No one was able to decrypt it so far.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Password-based authentication means that a user sends a plaintext password to a server, and the server calculates the hash value of the received password and compares it with a stored hash value. Goal of this challenge is to reveal the plaintext password given its SHA1 hash value. There is some information known about the original password.

Solve this challenge
583 users have already solved this challenge, 16 are working on it.
You need to be logged in to solve this challenge.

Description
Your challenge is, to find a shortest nonzero lattice vector for a given lattice basis.

Solve this challenge
34 users have already solved this challenge, 8 are working on it.
You need to be logged in to solve this challenge.

Description
This time your friend only sends you a ciphertext, which has been encrypted using his cipher (see Kaskade-S/T Part 1 and Part 2). He wants you to figure out the title of the decrypted text.

Solve this challenge
36 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
Your friend calls you again and wants you to “test” his cipher (see Kaskade-S/T Part 1) with a longer key. He sends you a plaintext and the corresponding ciphertext and asks, if you could discover the key used for encryption.

Solve this challenge
53 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
A friend sends you a cipher designed by him and asks you to discover the used key, using a given plaintext and the corresponding ciphertext.

Solve this challenge
108 users have already solved this challenge, 7 are working on it.
You need to be logged in to solve this challenge.

Description
In the Fully Homomorphic Encryption scheme by Gentry and Halevi the private key is included in the public key. So, theoretically it is possible to recover the secret key.

Solve this challenge
0 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
The Fully Homomorphic Encryption Scheme by Gentry and Halevi turns out to be vulnerable to so called lunchtime attacks. In this challenge you have to perform such an attack.

Solve this challenge
49 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
In this challenge you shall break the Playfair encryption which was used by the British forces in the Crimean War and in World War I, among others.

Solve this challenge
129 users have already solved this challenge, 12 are working on it.
You need to be logged in to solve this challenge.

Description
In this challenge you shall break the Caesar encryption in its original form.

Solve this challenge
3095 users have already solved this challenge, 147 are working on it.
You need to be logged in to solve this challenge.

Description
CMEA is a block cipher and was one of the 4 cryptographic primitives of the mobile communications network in the US. It is your challenge to perform a known-plaintext attack on CMEA with 40 known plaintext blocks given.

Solve this challenge
29 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
CMEA is a block cipher and was one of the 4 cryptographic primitives of the mobile communications network in the US. It is your challenge to perform a known-plaintext attack on CMEA with 100 known plaintext blocks given.

Solve this challenge
45 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
Akelarre is a combination of IDEA and RC5. However, Akelarre is not as strong as those two ciphers. Perform a known plaintext attack on Akelarre.

Solve this challenge
10 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The Enigma is an electro-mechanical rotor machine used for encryption and decryption. One main part of the Enigma is changeable rotors. This challenge deals with the calculation of the key space.

Solve this challenge
107 users have already solved this challenge, 68 are working on it.
You need to be logged in to solve this challenge.

Description
The "Three Investigators" heard that it was possible to create truly unbreakable cipher texts if you linked a stream of true random numbers to the plaintext (one-time pad). However this random stream must be incalculable for outsiders. Do you think you can, nevertheless, decrypt an eavesdropped encrypted message from the "Three Investigators"?

Solve this challenge
320 users have already solved this challenge, 23 are working on it.
You need to be logged in to solve this challenge.

Description
Hybrid encryption is widely used in practice. However, when using hybrid encryption you should take care of certain details...

Solve this challenge
180 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
The Purple machine was the Japanese counterpart of the German Enigma machine. Decrypt the given ciphertext which was encrypted with the Purple machine.

Solve this challenge
21 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
To achieve a very fast decryption in RSA, one might choose the secret key to be rather small. It should, however, not be too small, since then it might be possible to mount brute-force attacks. The same holds for variants like RSA-CRT.

Solve this challenge
77 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
This is the final part of a 3-part challenge regarding the classical transposition. You can solve this challenge with pen and paper or by writing a small computer program. In this challenge, the plaintext was first encrypted with a monoalphabetic substitution cipher. After that, the result was encrypted a second time with the irregular columnar transposition to create the final ciphertext. The used key length for the columnar tranposition has less than 10 characters.

Solve this challenge
83 users have already solved this challenge, 3 are working on it.
You need to be logged in to solve this challenge.

Description
This is part 2 of a 3-part challenge regarding the classical transposition. You can solve this challenge with pen and paper as well as with different software programs. To create the ciphertext the plaintext was first encrypted with a classical shift cipher. The result of this encryption was then further encrypted with a columnar transposition with a key length of less than 10 characters.

Solve this challenge
152 users have already solved this challenge, 8 are working on it.
You need to be logged in to solve this challenge.

Description
This is part 1 of a 3-part challenge regarding the classical transposition. You can solve this challenge with pen and paper as well as with adequate software programs (e.g. CrypTool 2). With this irregular columnar tranposition a key length greater than 10 was used.

Solve this challenge
161 users have already solved this challenge, 11 are working on it.
You need to be logged in to solve this challenge.

Description
Homophonic substitution using 5 ciphertext characters for a binary cleartext alphabet. This challenge can be solved with paper & pencil.

Solve this challenge
349 users have already solved this challenge, 8 are working on it.
You need to be logged in to solve this challenge.

Description
Homophonic substitution using 3 ciphertext characters for a binary cleartext alphabet. This challenge can be solved with paper & pencil.

Solve this challenge
404 users have already solved this challenge, 75 are working on it.
You need to be logged in to solve this challenge.

Description
The Caesar encryption, a very simple example of a monoalphabetic substitution.

Solve this challenge
1475 users have already solved this challenge, 800 are working on it.
You need to be logged in to solve this challenge.

Description
The encryption with the Sigaba machine was the American counterpart to the German Enigma. But due to the much larger key space of the Sigaba, even today, it is only feasible to break the code if parts of the key are known. This is what this challenge is about.

Solve this challenge
18 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
In present-days knowledge Triple-DES is secure if a really random key is used. If the key is not random and a part of the key may be guessed, it is possible to get knowledge of the rest of the key with a feasible bruteforce attack.

Solve this challenge
208 users have already solved this challenge, 7 are working on it.
You need to be logged in to solve this challenge.

Description
Decrypt the given ciphertext which is encrypted with the Sigaba machine. Please give the letters in the key as capital letters. This challenge has solutions that cannot be automatically checked. If you find such a solution and want to receive your points please write us an E-Mail.

Solve this challenge
5 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Decrypt the given ciphertext which is encrypted with the Enigma chiper. The key conists of the configuration of the stecker and the initial setting of the three rotors. Please give the letters in the key as capital letters.

Solve this challenge
92 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
Decrypt the given ciphertext which is encrypted with the Enigma chiper. The wanted key conists of the configuration of the Enigma. Please give the letters in the key as capital letters.

Solve this challenge
132 users have already solved this challenge, 25 are working on it.
You need to be logged in to solve this challenge.

Description
In the late 1960s the so called Zodiac killer used a homophonic substitution encryption to encrypt letters to the police and the press. This challenge is inspired by the solved Zodiac-408 problem and the unsolved Zodiac-340 problem. Hint: Provide the codeword in capital letters.

Solve this challenge
101 users have already solved this challenge, 40 are working on it.
You need to be logged in to solve this challenge.

Description
The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods! Hint: Enter the codeword in hex with non-capital letters and a leading zero.

Solve this challenge
48 users have already solved this challenge, 4 are working on it.
You need to be logged in to solve this challenge.

Description
The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods! Hint: Enter the codeword in hex with non-capital letters.

Solve this challenge
80 users have already solved this challenge, 9 are working on it.
You need to be logged in to solve this challenge.

Description
The longest key that has ever been publicly cracked by exhaustive key search was 64 bits long. The purpose of this challenge is to improve this world record by one bit.

Solve this challenge
0 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
In 1923, a member of the Ku Klux Klan sent an encrypted telegram to one of his colleagues. This telegram could be preserved. More than 60 years later, the US mathematician Cipher Deavours examined the telegram and was able to decipher it. In 1989, he published some of the details about the solution in the magazine Cryptologia („A Ku Klux Klan Cipher“, edition 3/1989). However, he didn‘t tell the complete solution – the last part was left to the reader as an exercise.

Solve this challenge
42 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
This is a famous speech of a German soccer star - including a mistake. The codeword consists of 2 words, one after the other with no space. The first is the password used to encrypt the plaintext, and the second is the mistake in the decrypted text. (The plaintext is in German.)

Solve this challenge
562 users have already solved this challenge, 187 are working on it.
You need to be logged in to solve this challenge.

Description
This sequence is infinite, but you may recognize it after just 13 numbers. What is the 14th number? Please type in the numeric expression of the number.

Solve this challenge
4388 users have already solved this challenge, 430 are working on it.
You need to be logged in to solve this challenge.

Description
The author of the German book "The Art of Deciphering", written 1808 remains unknown. However, the editor signs the preface with a cipher (Semicolon Plus One Triangle Plus Circle Period). Is this the encrypted name of the author?

Solve this challenge
2 users have already solved this challenge, 1 is working on it.
You need to be logged in to solve this challenge.

Description
In 1885, the US businessman James Ward published a booklet about an allegedly true story of a hidden treasure. According to the story, in 1823, a man named Thomas Beale hid several tons of gold and silver in a secret place and described the location of it in three encrypted messages. One of these messages was cracked, but it doesn't contain enough information to locate the treasure. The two other messages are unsolved.

Solve this challenge
1 user has already solved this challenge.
You need to be logged in to solve this challenge.

Description
It is well known that RSA with a small private key is insecure. The company, Smart, Inc. has decided to try using special private keys that are large but have a small Hamming weight in order to speed up decryptions and signature generation. The question is whether these keys are safe. Try to reconstruct the private key d from the public parameters. The codeword for this challenge is the private key d in decimal notation.

Solve this challenge
24 users have already solved this challenge, 7 are working on it.
You need to be logged in to solve this challenge.

Description
During World War II, the Italian solider Antonio Marzi worked as a radio operator. He created more than 230 pages full of enciphered notes about his experiences. Unfortunately, he forgot one step of his enciphering method. Still today, his records have never been decrypted.

Solve this challenge
4 users have already solved this challenge.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on Jan. 25, 2014, 8:34 p.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
It is also important to choose the parameters of an elliptic curve cryptosystem wisely. This was not done in this example, which should enable you to decrypt another ciphertext message from Malawi. The plaintext reveals the codeword, although this time it is not as closely related to the photo.

Solve this challenge
44 users have already solved this challenge, 2 are working on it.
You need to be logged in to solve this challenge.

Description
When creating RSA keys, it is important to choose the n and e parameters wisely. This was not done in this example, and thus you should be able to decipher this ciphertext message sent from Malawi. The plaintext gives the codeword, which is related to the photo.

Solve this challenge
207 users have already solved this challenge, 5 are working on it.
You need to be logged in to solve this challenge.

Description
In 1806, the young countess Julie finds a dress with an old enciphered letter in a pouch. It reveals a secret of one of Julie's ancestors. Can you break the cipher? The codeword for this challenge is the last word of the letter (all uppercase).

Solve this challenge
181 users have already solved this challenge, 20 are working on it.
You need to be logged in to solve this challenge.

Description
Kryptos is a sculpture made by the US artist Jim Sanborn. It is located next to the headquarters of the CIA in Langley, VA. An encrypted message was written on the sculpture. The message consists of four independent parts. The first three parts have been solved, but the fourth one has so far withstood every attempt at decryption.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
The double columnar transposition is considered one of the best manual encryption systems. Many secret organizations have made use of it or still use it today. As there are only a few publications on this method, it is not clear if and how a well-constructed double transposition cipher can be broken.

Solve this challenge
2 users have already solved this challenge.
You need to be logged in to solve this challenge.
The solution for this challenge was made public on June 13, 2014, 9 a.m., and thus it is no longer possible to get points for this challenge. However, you can still solve it and enter a solution for this challenge.

Description
In 1897, the English composer Edward Elgar sent an encrypted message to a lover. So far, nobody has been able to decrypt it. This message is known today as the "Dorabella Cipher".

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
In 1939, the Russian-born Briton Alexander D'Agapeyeff published a book named "Codes and Ciphers". This book contains a ciphertext that was meant as an exercise. So far, nobody has been able to decrypt this ciphertext. In later editions of his book, this exercise was omitted – possibly because he had forgotten the solution himself. D'Agapeyeff may have made a mistake during the encryption procedure, which makes it now difficult to find the cleartext.

Solve this challenge
0 users have already solved this challenge.
You need to be logged in to solve this challenge.

Description
Alice has learned from her mistake from last year. This year, she makes sure that the friends to whom she sends invitations for her birthday party all use unique RSA N parameters. However, this time she still makes another mistake that allows an adversary, Eve, to reconstruct the message. Can you again decrypt this year's invitation? The codeword for this challenge is the location of Alice's party.

Solve this challenge
298 users have already solved this challenge, 6 are working on it.
You need to be logged in to solve this challenge.

Description
Alice sends encrypted invitations for her birthday party to her friends. As it turns out, two of her friends use the same RSA parameter N. This fact allows an adversary Eve to decrypt the encrypted message without knowing the corresponding secret key. Where does Alice's party take place? The codeword for this challenge is the location of Alice's party.

Solve this challenge
312 users have already solved this challenge, 25 are working on it.
You need to be logged in to solve this challenge.

Description
In September 1902, a book seller named Paul Winkler received a postcard in cipher. Sent from the nearby Mansfeld castle, it appears that a young lady wants to meet with Paul – secretly. Find the name of the young lady and submit it as the codeword for this challenge. Use only capital letters.

Solve this challenge
132 users have already solved this challenge, 19 are working on it.
You need to be logged in to solve this challenge.

Description
This challenge contains three messages encrypted with classical ciphers. You will need break each of the ciphers and take note of the three codewords. When you have all three codewords, submit them in the form "codeword1-codeword2-codeword3". Please note that the codewords are case sensitive and you have only 5 trials to find the correct solution. The MTC3 team wishes everybody much success and fun in finding the correct solution.

Solve this challenge
190 users have already solved this challenge, 17 are working on it.
You need to be logged in to solve this challenge.

Currently 21 guests and one member are online.
Powered by the CrypTool project
Contact | Privacy | Imprint
© 2009-2024 MysteryTwister team