Crypton is an educational library to learn and practice Offensive and Defensive Cryptography.
It is basically a collection of explanation and implementation of all the existing vulnerabilities and attacks on various Encryption Systems (Symmetric and Asymmetric), Digital Signatures, Message Authentication Codes and Authenticated Encryption Systems. Each attack is also supplemented with example challenges from “Capture The Flag” contests and their respective write-ups. Individuals who are already acquainted (or are into CTFs) with this field can use Crypton as a tool to solve challenges based on a particular existing vulnerability.
With the increasing amount of attacks on implementations of cryptographic protocols every year, it has become essential that we give as much importance to secure implementation of these protocols as we give to internals of the protocol itself.
While the protocol designers make sure that a secure cryptosystems is selected for a protocol along with various other factors that decide the security of a protocol, developers designing implementation of these protocols too must make sure that they don’t leave behind silly bugs or forget some checks in some part of the implementation of the protocol such that it creates problems to users/organisations using it.
Matasano Crypto Challenges have provided a very nice headstart to learning crypto, but it has been years since the challenges were updated.
This library is an attempt to bridge the gap between theoretical and applied cryptography, by means of analysing how various cryptosystems work, their internals, the math behind the concepts etc.
As of now the library consists of around 45 attacks on various cryptosystems
The library will be continuously updated with attack explanations and CTF challenges!
WARNING: The author in no way guarantees that the code is secure. The library is only meant for educational purposes and the code should not be used for implementing in real world. All the example scripts in the library are trivial implementations.
Motivation
Help CTF players and individuals interested in the field of Cryptography provide a platform for learning attacks in crypto and for experienced CTF players to practice challenges systematically divided into attacks associated with different sub-domains in crypto. Also, illustrate through various attack explanations how proper implementation of protocols is crucial.
Who can use the library?
Anyone, who is interested in the field of cryptography can use this library. While people who are new to this field can use it as a tool to learn new concepts/attacks and implement them at the same time, it can also be used by CTF players to practice crypto challenges based on a particular attack.
