Okay, welcome to the dead microphone. Turn it on. Thank you. I've actually got someone in the A/V booth, which is kind of a nice pleasant change. My name is G. Mark. G. Mark Hardy. I'm here to tell you about Tales from the Crypto! By the way, brought all kinds of really cool swag here. So if you like getting from 4B, if I ask you a question, you give me a reasonable, intelligent answer. Come on up, grab something. I got playing cards. I got the regular playing cards. The unclass. I got the red ones. They're classified. You're only allowed to look at one at a time. Here are glasses, shot glasses, all kinds of really good stuff. So without further ado, let's begin. Now, I can tell you all about stories. You can look up at the library, or I can tell you how to win crypto contests. Want to learn how to make money and win contests and impress people and get the badge that says Ninja Party Unlocked? Things like that. Okay, so, want to buy a beer tonight? I'll tell you stories about World War II crypto. It's American ciphers, Japanese ciphers, German ciphers. You find a lot of times that cryptography has been present throughout history. It's usually been the determinant about who wins wars. This is not miscellaneous sideline stuff. This is key. This is important. And we look at the early days of crypto to find the point that we figured out how to do asymmetric cryptography, and now what do we have? We've got online commerce with all the great security of SSL. But wait, let's go a little bit down to basics first. What I want to show you is kind of the basic moves in which you'll need to learn cryptography. All the crypto contests that I've got and everything you might see out there, for the most part, don't involve using software to go ahead and have brute force gigantic numbers. Okay, that's fine and that's great, but that's fun for the computer. What's fun for you? Figuring out all the different components. What makes cryptography work?
So I'm going to talk to you about transposition ciphers, where you kind of move things around. Substitution ciphers, where you change one thing for another. And product and exponentiation ciphers, which is in the 102 talk, which we are not doing today. But remember, there is always beer. So, on a transposition cipher, what are we talking about? If I've got, let's say, a message, "attack at dawn," and I want to disguise this thing in a not so terribly difficult code, but I want to make it in such a way that it is relatively difficult for somebody who's intoxicated to figure out, I will go ahead and map that thing across, let's say, four different columns. I could do three, I could do five, I could pick whatever number that makes me happy. And then what would you think the key would be if I'm going to go ahead and put things into four different columns and scramble them? Number four? No. Four-digit number. What's specific about that four-digit number? The order they're in. Come on up, grab something. So your key in this case would be one, two, three, four, which is a pretty bad key. But nonetheless, it works. You can get "attack at dawn" because you grabbed the first column, then this one. Can we ever see the shirts that Bill Breen used to do with "not the Fed," N-O-T-T-H-E-F-E-D going down this way? Some light bulbs are coming up. That's what they mean. So all we've done is just transposed things. So transposition cipher means what you're going to do is just simply reorder them. And they can bring it back out. You can take it with a different key. The point is what is preserved in a transposition cipher? The plain text is preserved and also what is preserved? The letter frequency, okay. I need a frequent and a plain text up here. I don't want to throw a deck of cards. Someone's going to get hurt. I will throw them one at a time. Come on up and grab something. Honor system only one piece.
Substitution cipher, probably one of the earliest ciphers that was out there, is known as the Caesar cipher. Why? Who do you think first used it? All right, that's not worth anything. But it turned out that back then in the days of the ancient Romans that being able to come up with a thing that was written was pretty good cryptography. Why? Because 99% of the known world was illiterate. So if you write it down, you win. Yeah, and it's in Latin, too. Non carborundum illegitimis, right? Don't let the bastards grind you down. So that's what I got to show for three years of Latin. So anyway, what Caesar cipher did is he said, let's take it and shift it over by a period of three letters. And so now what we do is we'll say A goes to D. B goes to E, C goes to F, and it rotates around the end. So Z doesn't go off into the universe. It does come back in A, B, and C. So that is starting to give you an idea of the whole key concept of a lot of cryptography, which is modular arithmetic. So what modulus are we looking at right here? Mod 26. So you can count either from 1 to 26, or if you're a C programmer, it's 0 to 25. But there's never a 27th letter. And so no matter how big that number gets, if you wrap around the end, you just knock off 26s and you get back down within the range. And so now if we take "attack at dawn," and we put it in just a straightforward Caesar cipher, what do you get? Glindus and glitgidzuk, which you might also hear tonight at some of the parties. But there's nothing magic about that particular Caesar cipher. In fact, this is probably the simplest case of a substitution cipher, because what we're doing here is how many possible Caesar ciphers are there? Who said 25? 26 is a singularity that collapses back on itself, where your key is 0, A maps to A, B maps to C, and then you better hope that you're back in ancient Rome again, where most people are illiterate.
Well, if you try to go ahead and do other substitution ciphers, you can come up with lots of different ways to do things. Because a Vigenère cipher says, well, hey, we kind of like this idea of a Caesar cipher, but just having one single key doesn't help a whole lot because you've got 25 attempts to try it. And oh, by the way, it also, as I said, someone said it preserves not only the plain text, but it preserves the frequency information. In the English language, what's the most frequent letter ever used? E, followed by T, A, O, N, I, R, S, H, all the way down to Q, X, and Z. And you go back and read some books that have talked about cryptography, and you can look at frequency charts, but by and large, that tends to be what you see. By the way, what's the most common character in printed text? The space key, yes. That wasn't a cryptic question. That was just a general knowledge, so no goodies for you. But hang in there, you'll get something. So anyway, the Vigenère cipher says, let's go ahead and pick multiple keys. And then we will encrypt every third or every fourth or every fifth letter with the same Caesar cipher. So you can see that key of A would take A to B because A plus A is B. Think modular arithmetic, A plus P is Q. A plus Y is Z. And then, of course, you get a B plus Y down to A again, and you can start to see that this thing fits into a nice 26 by 26 grid. And so here, if we use those things like P-A-R-T-Y, "attack at dawn tomorrow," we break it up into groups of five. And this is something that you often saw back in World War II because the old Hagelin machines and decoders would break code up into five character groups. Because how is this usually transmitted? By Morse code. Da-da-da-da-da-da-da. So what you're going to do is you're going to be sending that, telling the guy to write down the answer and write down what he's getting. So now we'll take "attack at dawn," and we're going to encrypt it with the recurring key.
Party, party, party, party, party. What does that sound like? That sounds like a good idea, right? So A plus P is what? No, it's not the Alexis Park. It is Q. And T plus A, Q, yeah, okay. And then we go right down the line, we find out that we can add these things right up there. And that is a more robust form of encryption. Now, note what's happened here. We don't have the original plain text anymore. Do we have the same frequency distribution of the letters as we started in the beginning? Anywhere is of the same frequency distribution as it was in the beginning. Pardon? Every fifth letter, come on up here. Every fifth letter is going to be encrypted with the same key. So if your message is long enough, you can go ahead and use something smart like saying, wow, let's take every fifth letter and see if I can map it to a histogram of the English language. Looking for the peak at E, then T, then A. Well, it's not going to land on that letter, but you're going to see peaks and valleys and the more information content that's in your message, the more likely it is that they use a really bad encryption scheme. Because then you say, hey, the most frequent one is E and then the least frequent one would be Z and go from there. Usually you don't care about the low ones or going ahead and using the most common ones, you can start to make guesses. Now you see the cryptogram that's in the daily newspaper in a lot of cities today, right? How many possible keys are there? It's a simple substitution cipher. Well, A can map to how many other letters? 25. So B can map to any of the remaining 24, 23, 22. So 25 factorial combinations, which is a number that I think is actually bigger than our federal deficit this week. But, you know, yet trying to brute force billions and billions of keys is not the way most people solve that puzzle over a coffee in the morning. How do you do it?
You eliminate a lot of those possibilities by looking at the histogram, by looking at the recurring patterns. And so for people who tell you, or vendors that tell you, our cryptography is better because we have a bigger key space than they do, the answer is so what? Your key space might stink because your algorithm is no good, and so you can with a pen and a pencil and a cup of coffee crack something from trillions and zillions of keys. That's not where the security lies. The security lies in the actual cryptography itself. In the fact that you've got a large key space just means that somebody can't kind of look at it and go, oh yeah, I bet this is this, this is this, et cetera. There's another cipher, and again, I'm giving you all these basic primitives to see these things in crypto contests and find ways to make stuff. Who here's won one of my crypto contests before? All right, a couple of thoughts. So you're here on my nickel, right? Coming out here from East Coast. All right, I give away plane tickets. I fly too much, and so I give away round trip plane tickets to people who solve my puzzles. I've given out seven of them, by the way. Southwest anywhere they fly in the U.S. good for a year. It's best if you use them coming to a hacker conference, very good. But a Playfair cipher, or sometimes you're here to talk about that badge in a minute. You might see something that looks like this. What it involved is taking all 26 letters and putting them into a 25-square grid. Okay, which letter do you think we ought to leave out? Q. Q, yeah, it happens to me. Some places I leave out. C, some places I leave other things. This is not too different as you see it here from what was called the tap code. Anybody remember where the tap code was used? Yeah, the POWs in Vietnam. What happened in Hanoi is that if you're a prisoner there, you were kept isolated from all the other prisoners.
So you weren't allowed to talk to them, you weren't allowed to communicate, and they beat you if they found out. Well, pretty quickly they developed a tap code that apparently the North Vietnamese never quite figured it out. And what it involved is getting row and column. You're basically setting an index on this particular grid. So if you want to greet somebody like, hello, the first one is a two down, three across, H-E and then hello and things like that. Pretty basic, but that's sort of one of those encryption things that is just this, what type would you call that? Substitution, right? You're substituting taps for particular letters. Pretty straightforward. And so in this particular case if we use a key of "hacker jeopardy needs more crypto," for example, another cheap plug for Hacker Jeopardy, what we're going to do is we're going to start to populate those letters until we see a repeat and then we'll skip it because we can't use it more than once, right? And so there's H for hacker, you know, H-A-C-K-E-R. And I thought I had this in automatic, but it's mad. Okay, jeopardy, J, we already used E, so we can't use it again, right? Because E's already up there, so we skip it and go to the O and then P A-R-D-Y and then needs more crypto and now you're going to find out that you just fill in the last of the letters at the end. There's going to end in the bottom right corner with a Z, unless there's a Z in your key. And you say, well, is that a weakness? Potentially. Is there a problem here? Well, now that I've got this weird-looking grid, how do I use it? When I say with a Playfair cipher, it's again, it's a pretty simple, there's only three rules. And so what the three rules are is that if you have two letters that are in the same row, like I'm trying to encrypt of, you know, R-O, I would just simply say R and R are in the same row, so I go to the right one click, J and P. If I'm trying to encrypt a pair of letters, S-T, where do you think it goes? M-Y wraps around.
So this thing is like a cylinder that wraps back on itself. If I want to encrypt the letter pairs, F-I, they go to G-L. Man, if I want to encrypt the letter pairs I go to K-H. So in a row, it's pretty straightforward. But you notice what I'm doing, I'm breaking it up into two letter groups. Why? Because when I look on my particular grid, I need to have like a start and an end point. But wait, there's more. What if they're in a column? What if I try to encrypt the letter pair A-N? What do you think the result would be? J-F, yeah, you just go down one. If I encrypted S-W, S goes to G, W goes to C. See how that works? That's rule two. And what's the last possibility? If they're not both in the same row or they're not both in the same column, they're in different rows and columns. Is that a problem? Not at all. So if I want to encrypt the letter pair H and S, I just kind of make a little opposite corners. H goes to C, S goes to Y. If I encrypt J and I, it would go J goes over in the same column I is, it becomes a P. It goes back over to J's column, it's an F. Do I ever have to worry about wrapping around when I'm doing something like that? No, I don't, because it's not going to wrap around. So the wrap around is only going to get you if you're both in the same row or the same column. So it's like an infinite thing here, an infinite thing here, but the opposite corners work. So with those three simple rules, I can now take, "now is the time for all good men to come to the aid of their country" and I'll break it up into two-letter pairs. Now, here's the problem. If I've got the letter LL at the end for "all," what do I do with LL? Where does LL go to? Well, LL goes to LL. It collapses onto itself. Is that a good crypto? No, it's not. So one of the first rules about a Playfair cipher is you can't encrypt a pair of letters that are the same. So what do you do? You shove a filler in there. How about we put in a Q? Would that work? Because you're not using it.
Well, all right, because then you know it won't process your encryption algorithm. So what do you think we ought to do with it? We'll stick an X in there. Why not? X marks the spot. So you can look at, we've padded the LL at the end and put an X after each one. So now that pair of LL becomes LXLX. So, "now is the time for all" becomes the following. We take that grid and now the N and the O, if we look at it. There it is. Third row, second column. N, O, becomes SJ. W, I, we look in there and it becomes XG. And if you look at each pair and take a moment to look at the grid, it's pretty straightforward. Well, you can code this thing, or if you had to, you could do it by hand. Seeing as this came from the 19th century, I would say it was a pretty good job that was done by hand. Initially. In fact, a lot of these things could be done that way. When I run crypto contests, I found people looking for, hey, I got to go download something, get a little JavaScript. Do it yourself. Think through it. Don't let somebody else do your thinking for you. The thing is that as we look at cryptography, it becomes a backbone of a lot of things we do in our society. It's also our protection for privacy and security, but it's based on some real simple moves. Probably the most secure cryptography ever invented by man. This is what's called the Vernam cipher or one-time pad. What do you think one-time pad means? Use it once and throw it away. And so how long do you think the key has to be? The same length as the message. And all I'm going to do is I'm going to XOR them together bit by bit. So XOR works really nice. Zero, exclusive or zero is zero. Zero XOR one is one. One XOR zero is one. And one XOR zero is zero. What mathematical function does XOR look like? A modular addition, but a mathematical operation. That's not something that someone in fifth grade would know. Pardon? Not division. Can't divide by zero. Well, yeah, but that's not a simple. How about a not equal sign? Okay?
Is zero not equal to zero? No, it's not. Zero being false. Is zero not equal to one? Sure, it's not equal. So that's interesting. If we do not equal, if anything is not equal to zero or if anything is not equal to itself, so if anything is not equal to itself, what collapses on the string of zeros? So if we encrypt a message with the key, and then we encrypt the message with the same key, what happens to the key? It goes away, and you get just the message back. That's a not equal sign. And so now, if we go ahead and we do some basic zero one one zero math, there's no carry in exclusive or. Which is great. You don't have to think. You just do one bit at a time. Hardware likes one bit at a time. You don't have to worry about carrying. And so this is very, very fast. This type of stuff is what you're going to see implemented in hardware most of the time. Now, if you want to encrypt it, by the way. Substitution cipher, one-time pad, you can substitute with or without a one-time pad, but the cool thing about a one-time pad is you use it once and throw it out. Now banking used to use that back in the 60s and 70s down in South America, but the problem was they were reusing the keys. Now the problem was they said if you reuse the key, what happens? Something plus itself adds to all zeros. To zero, I get zero. If I put zero to one, I get one. So exclusive or zero to a message gives me the message. And so now what was happening is you'd intercept one encrypted message, you'd intercept another encrypted message, you'd XOR them together, and now you have one message encrypting the other message. But guess what? Those keys have patterns. The letter E, encrypting E, is the most common thing you're going to see, and you're going to see spikes and valleys, and now you can break that apart. And once you crack that, you've reverse-engineered it, and now you can break every banking message and you can empty the bank. That's why you can't use keys over like that.
So let's think. If you want to win crypto contests, how do you do it? It helps to think like the person that developed them. Anybody's doing a LosT challenge this year? Yeah, you're all, everybody, yeah, a couple guys back there. It's like, well, why aren't you acting with hardware? Did you figure out what is on the badge yet? It has to do with LosT? Yeah, okay. So you're trying to try to think of that guy. If you listen to his talk of 101 yesterday, he's got some really weird ideas. God, it gets you thinking outside the box. Anybody know the Ninja Network party last year? We had this really cool badge. And if you played around with it, you read it around and finally you said Ninja Party. And if you went ahead and played with it, it was a game of Simon. And when you got all the way to the end, it said, don't cheat. A Playfair cipher. Hmm, Playfair cipher? Yeah, I want it. And that up there in the substrate was this particular set of paired letters. It looks an awful lot like a Playfair, doesn't it? And you kind of eliminated all the other possibilities of what it might be, and you could start cryptanalyzing that and going after it. Playfair, by the way, 676 different combinations. There's a lot of things you've got to worry about in some of these big grid things, but you don't have billions of keys. So there's some ways you can come up with some patterns and things like that, and that's what was out there on that particular thing. Okay, so let me tell you about a couple of crypto contests that I gave you because I got one for this year for DEF CON. And if I give you an idea to get you inside my head and see what things are put together. All right, so it was just after Mardi Gras a couple of years ago. I went down with my wife to New Orleans and she's a fairly good-looking lady, and so she didn't even have to show anything and they just threw on her piles of beads. Well, she thought, this is great. What am I going to do with beads?
I got back to the hotel room and there's this massive amount of beads. You have to take, like, making runs to it. So I was like, I want to keep them. Why? Well, I can't throw them out yesterday. So I went across the street in Walgreens, like one in the morning, got this big box, started loading up with beads. And I put them in it before they start charging you. 50 pounds. So what do you got in the hotel room? Bathroom scale. Put the box in the bathroom scale and weigh it. What's the problem? Box is bigger than the bathroom scale. You can't see the readout. So how do you solve the problem? Think like a hacker. Yeah, weigh yourself, but it's how I did. I figured rather than hold this box, trying to look, because then how are you going to see it, right? This is brilliant. Put the garbage can on this scale, five-pound bag, a box. And the lady was saying, you're going to charge you extra. She's like, no, put your hand up. You can't charge me. It's exactly right. And so these things came home. I didn't want to kick them around the house for about 10 years. So I figured, okay, a couple of weeks we got ShmooCon coming up. So this is what any normal person would do, right? If you had a whole bunch of beads sitting in your front hall, you'd invent a crypto contest. So I also have friends with too much free time. And so they develop all kinds of, like, really cool graphics that they're handing things out and posting it on Hardegra. She's also into cats. And your beads breaking your ciphers. Pretty cute, okay? So even cats get crypto. So what I did is I took all these beads. I randomly placed these things in the reg packets, because Bruce and Heidi are friends. And what we did is we unloaded a bunch of these things. Purple, gold, green, and pink. Well, what's the three colors of Mardi Gras? Purple, gold, and green. Where does the pink come from? I'm not sure, but I had a bunch of them. So LosT was helping me with this one. We wore red beads.
So we're like four people wearing red beads. Everybody else had these other different colors. So what do we do? We had extra strings of red beads, because if somebody solved the problem, we give them a red bead. Well, what does that do now? Now the other person who you're competing against now has administrator privilege. They look like a judge. They got a red bead. So you can walk up to somebody who's got red beads on and say, have I got the answer? You had to work around the social engineer problem. So then I put a whole bunch of messages in the other packets. These are the plain text. Congratulations on your opportunity to join our first ShmooCon Crypto Conundrum. And you'll obtain an important hint that will assist in solving the first round. What's unusual about that text? Who said that? Come on down. You've got some good stuff waiting for you. No letter E. That was a little bit tough, so I couldn't say the word red, but they're also the same length of text. The plain text didn't have the letter E. The guy from Google who was working on this came up to me like on the second day, and he said, you are evil. Because he had tried everything he could think of and he couldn't come up with it. Why? Because you're looking for where E maps to and it wouldn't map to anything. Because what I did is I took these things, which is, by the way, it's called a lipogram. There was a book out there called Gadsby, which I think LosT used a couple years ago as one of the keys. The entire story of over 50,000 words was written without using the letter E. Imagine that. So the padded plain text, we go ahead and notice what I've stuck in the middle. That letter Z again, you might see that again. The military, when the instructor said something would be on the final exam, they would kick the podium, so you'd be aware of it. That's also what you found out sometimes in the military back in World War II.
If you wanted breaks between words, you put Z's in there, the zoo, and you had ZZ, you'd figure it out. So I used five Caesar ciphers. Seven, 13, one, 18, 11. What does that sequence spell out, by the way, in terms of index from the alphabet? G. Mark. Yeah, you already got stuff. You want some NSA swag though? Oh, you got plenty. Okay. Yeah, he works there. The pad. So what I did is I encrypt each one of them into this type of cipher text. Pretty straightforward. Each one, as you notice, is commonality. So if my GMA, so the third one, you're going to see a lot of repeating letters, but look at the stuff that you find there. And in fact, if you look at the last letter of each cipher text, because that was letter Z, remember I had to pad Z's at the end to make them all the right length, that's the weakness in my system, because look at the last character in each row. G-M-A-R-K. Now these were actually separate, four other people to go ahead and come up with these because I wouldn't give them all to one person. And they also had clues like this. They said shmoo, shmoo, shmoo, shmoo, shmoo. Actually, wait a minute. Yeah, I guess they did put them all in the same thing. I got a drink. So, six variants talked about the equate. And the truth turns to you down. By the way, I put little sayings down there. If you do not shmoo, it's too bad for you. And then the greatest good you do for another is not to just share your riches, but to reveal to him his own. They have nothing to do with the contest. And running down rabbit holes, with the concession of the bunnies here, bunny hole, for stuff like that. So, you got that? You got this thing, again, for my friend who has more time to do than she knows what she's talking about. Anybody can read that? Can you try the first line? Come on, I only got 50 minutes. Red E, four more. A short visit, 2C. In this case, it was a hacker, looks past 50, that was my talk that year. And it is a what? Well, no, not quite.
That's the word operation, missing the letters P, A, I, N, N. It's a painless operation. So, this is, that's the way LosT thinks, I don't think this way, but this is my friend did this. So, ready for that? And there you go. And so, if you came to my talk, A Hacker Looks Past 50, you got new clues. That got you from the first stage, second stage, and here we go. And I handed out cards, admit one, so I used to do random drawings, and we picked stuff like this here. I'm just looking for smart people, which is better. And it had at the bottom of each one some little text field down there. Now these cards are original. They're from my mom's attic. I had them from an old job deck from the 1970s. Mom never throws anything out. She's living in the same home for over 50 years. Thank goodness for that. If you wanted old stuff, tough for you when she passes away because we got to go through all that attic. But meanwhile, it's great for getting old 50 column cards. Here's down there, PSQC, FY. Well, we did a Playfair. And the Playfair cipher was the key. A Hacker Looks Past 50. Why not? That's the name of the talk. So, again, we populate the squares using the things that we talked about before. And there we go. And that then becomes the encryption scheme. We take these messages, and these are the four messages that I put out there. Go ahead and email Mardi Gras at shmoocon dot info. Who owns shmoocon dot info? Me? Why? It was 99 cents. Did GoDaddy? Bruce didn't grab it. He didn't care about the .info. So, why not? I think Defcon.info is probably long gone. But you can think of these things early enough. It's first come, first served. Quick side story. Back in 1995, when I was first poking around on the Internet domain list, two-letter domains, aa.com, ab.com, how many possible two-character domains are there? Well, 676 if they're letters. But who wants like, you know, 0x unless there's something after it?
Well, it turned out that what percentage of those domain names were not in use? About 88% of them. It turned out that there were only about 80 of those domains were registered. And it could have had any of them. But back then, the ethic that we had was you don't take stuff you don't need. It was like seashells on the seashore. You see one you like, take it. You don't see one you like, just leave it. And so we just kind of let them go. So anyway, we decided to make a phone call and then interact with humans. The scariest part of all. We pad that for encryption. Squish them down together. Note the presence of a couple X's and they're like ShmooCon on the top row. SHMOXOCON. You only have to worry about the double letter in a Playfair if they happen to be in odd even positions. Because if they're in even odd, they stretch across the pair and they won't affect each other. But it was an error that one of the teams made that they discounted the whole thing because they found some letter pairs. Because if you go ahead and you encrypt it with the Playfair cipher, it looks like this, but then you find out there's a bunch of letter pairs. If you're careful though, you notice that that R-R-M-M-I-I-K-K-A-A, they're not part of the same pair. It's the last of one and the first of another. And one team spent half a day, they forgot to even think about Playfair because they assumed incorrectly that this is going to be a pair of letters. Because you can't have double letters in the same position. In this case, it was kind of deliberate on my part. You notice you throw little curveballs in here just to make it fun. And so if you do each task, here's what happened. If you auto-responder, I had it set up from Mardi Gras, shmoocon.info, and you got back an email. Tango, Alpha, Whiskey, Sierra, Alpha, Edge, Golf, Kilo, Golf, Mike, India, Echo, Five, Four. Send another email to the same domain using the numbers you find in the clues.
If you get them all and in the right order, the fourth hint will be given to you. Recently. If you went to the website, it turned out that if you went to the first website that I have, you couldn't traverse, you know, shmoocon.info, that was just a subdomain on mine. Hey, you couldn't traverse the first shmoocon.info. You had to go up to G. Mark and back down again. That was a basic web traversal challenge, but it was in there. And hats off to you, you solved puzzle two. And here's some more information. And the third clue, I was working in Hawaii at the time in the reserves, so I just gave you a voice message. Well, if you took those first three together and you added them all together, what you would get is the first three rows, and then again, go column-wise, the magic words to say to G. Mark are "give me white beads." Well, what is this 5, 7, 1, 4, 2, 8 thing? That was that fourth clue. Here's the fourth piece of forest so you need to look no more. So, wait a minute, this is like a cart before the horse. No, not really, because the first three rows had the digits in there. 5, 7, 1, 4, 2, 8. What's significant about 5, 7, 1, 4, 2, 8 in that sequence? No, it's not the firing order of the V6 that's two extra cylinders. Sevenths, yes, come on up, grab something. 1, 4, 2, 8, 5, 7, 1, 4, 2, 8, 5, 7, repeating irrational number, rational number, whatever. It's been a while. So if you get that fourth one, it gave you the last set of stuff before it. Did you find this with ease or use a force of a brute? Why? Because you could brute force all six-digit combinations, right? And eventually you'd get an autoresponder after you got hammered into this poor website. And so you got the information. So if someone came up to me and said, give me white beads, you got white beads. Well, the first team to do that, I got a call from a guy and says, hey, we solved your puzzle, could you give me white beads and say, great, come on, meet me in the lobby. And four people come down. Anybody here?
No, they're off doing the lost puzzle again. They're doing their one round trip ticket, but four people won. So what should I do? What would you do? Give them all. Why not? So I gave them all to it. And then they spent their time then, like this year, trying to solve the lost puzzle. So we're sitting there at the closing ceremony, and I say, like, any hints? They said, yes, start saving your money for next year because you're not going to get a free ticket. And I was going to say, by the way, that 2008 DEFCON puzzle remains unsolved because at a DEFCON puzzle that was like this, you solved it. There you are. You don't have to identify yourself if you don't want to. Which you could. You want to stand up? Somebody else wanted to stand up, right? Going? Going? You don't have to do this anymore? Nope, somebody else did not get it. Wait a minute. I'm going to let you finish, G-Mark, but I just got to say that Dan Kaminsky had one of the best talks of all time. What can I say? I think somebody just advanced when we were on the scavenger hunt. Anyway, it's fine gentlemen, you want to solve that thing, so he's out here on my dime as well. So you can create your own crypto, but be careful, it's like packing a parachute. Unless you know what you're doing, you can really screw it up. When I first shot, when I started my business in 1988, National Security Corporation sound like a pretty cool name. Why? I wanted to work for the National Security Agency if you heard my previous talks and found out that in the Navy, I couldn't convince the Detailer to send me there. They said, the Navy has no need for computer security. You need to go back out to sea. This is true, it's 1984. I left that duty one of the reserves and then decided to go ahead and do security on the outside. Why? Because I went to the Fort Meade after three years, I had to go look for a job. So I couldn't work for the National Security Agency, so I started National Security Corporation. 
So, first company I had, they had some crypto. And they encrypted a whole big database of corporations around America with credit histories. I can't mention their client name even today. And they said they had this newfangled invention in the late days called a CD-ROM. So instead of printing up directories, we're going to put on a CD, just exporting the entire database and then creating mailing lists and then doing stuff. Because what they used to do seriously back in the 80s is every year this thing would come out and people would hire a boiler room full of people just bang, bang, bang, and retype that stuff in there. They didn't have scanners. So, they wanted to do this. I said, okay, fine. We're going to hire you. We're going to give you 80 hours. You go ahead and prove that our crypto is good. What are you going to do? Just give you a sample of it. Well, I took it home, cracked it, came back in. It's supposed to be with the boss. Really, I hired him. He has his boss and his boss's boss there. I cracked the crypto. And now I've just embarrassed my client. And he had a pretty good recovery. He said, Mr. Big, I don't worry about it. We were just checking his young man out to make sure that he was actually pretty good. So it turned out that he was using the decoy cryptography and he did very well. So he's going to solve now the real crypto. And by the way, kid, you don't get any more time. So in the remaining 40 hours, I cracked the other crypto. And I assembled a mailing list, which is their greatest nightmare. And I presented that to them. And back then it was only, you know, it was the thing to use. And then they were like, well, yeah, yeah, we're going to do that. But oh, by the way, you just embarrassed me a second time before my boss. So we'll figure it out ourselves. So I went back there a little bit later, like a month later, trying to do a sales call. It's like, well, how's it going? Oh, yeah, we got this code. We're implementing this. It's great. 
Where are you storing the key? Ah, we figured that out. We got like a 4,000 character block. We just stored it in there somewhere. No one's going to find it. I said, did you ever hear anything about bit parity? Because DES keys have that parity bit in there. So I have to look for eight bytes in a row with the same parity with the odds of that 256 is 4K. So how many times I go in there? 4, 8, 12, 16. Expect to evaluate. Eight tries, I'll crack your crypto every time. Sure you don't want some help? No, no, no, we got it. So best I know, they're still doing that. So ShmooCon last year went over to Bruce and Heidi's house. And if you went to there, I don't know. Anybody do the East Coast trips? East Coast, all right. Yeah, I got my goon. So that's good. So anyway, put Morse code on the rim of each of the badges, as well as a bar code. Because it was like a bar code kind of thing. A year before, someone brought in a badge and they put bar code on it and someone thought that would be cool. And so they figured, why don't we do all these bar codes? And so everything had a bar code. So the problem is, because it was printed at an angle and it's a digital image, guess what happened to the bar codes? And most of the really high-res scanners wouldn't figure it out. If you had a low-res scanner, it scanned very nicely. But if you cracked the Morse code, and that little red X, by the way, I made a mistake. Nobody caught it, but I didn't eventually. But it was too late. The badges got printed. Actually, somebody did catch that. This is a left border. That was the right border. And that's a bar code. Who is here good at reading bar codes? What does that first bar code say? Anybody look at the program and look at the CD? Well, what it does, I'll spare you the work, is this is what it wrote into. So you had left border was Moosalto, and then Moosal Defense, and Chocolate Moose, and Moosketeers, and Room With A Moose, and Be Anonymous. Moosy Fate and Moose Nugget. And these bar codes. 
Well, the first column looks like what? One through eight. Helps you get them in order, just in case you can't. How many possible orders are there of eight different badges if you didn't have that? How many possible ways can you arrange eight things? Eight factorial. How about two to the eighth? No schwag for you. And these things are actually legitimate check sums from the right hand bar code. But what's stuff in the middle? What's this one, one, two, three, five, eight, one, three, two, one? What does that look like? Fibonacci. So many people said that I don't have enough schwag for you. So somebody raise hands, I'll throw in the general direction. If your hand's not up, don't keep it. All right. Fibonacci sequence. What's unique about the Fibonacci sequence? For those who didn't study math or were sleeping it. Well, one plus one is two. Plus one is three. Plus two is five. Plus three is eight. Plus five and eight are 13. Eight and 13 are 21 and so on. There's lots of different things you can do with that. But it tells you something that there ought to be something going on in there. So if you look at the table of values that I created and we just go ahead and we transcribe all eight badges, again, note the common element. You've got to socialize here. You have to look around and look at other people's badges. And you get people coming in staring at your chest and saying, okay. And you end up with all these different combinations. But what's this stuff on the right? Well, it's just padding, right? It doesn't matter. Look, there's G mark. But guess who else showed up in here? That was not planned, honestly. That just came up and it's like, oh, wow, this is pretty neat. It's a sign. It's a great puzzle. And yeah, so he appeared in the middle of my crypto puzzle on column 13. So what we had at the end is like the telomeres. What's a telomere? End of your DNA. 
That's all the stuff that when the telomere starts to unravel because it's like the padding at the end, it's a slack space in your file. Telomere's gone. What happens? Well, not die immediately. You start to reproduce your cells incorrectly. They turn into cancer cells. They get bigger, then you die. So if you keep your telomeres long, you'll die. So looking left or right on these telomeres, there's some stuff in there. I've had Bruce and Heidi, and I put an X and an O in there, but I spelled Heidi's name wrong. I didn't have to, but I did. It was stupid. And so then there's things that are left. How many letters are left? Who's good at counting? 16 letters are left. And how could that be significant? I don't know. Let's go back here. How many columns have I got? Think of a shift register. It's the first eight terms. They're eight badges. They're eight indices. What to do with them? Again, a lot of commonality. When you see the same numbers show up over and over again, it's usually not a coincidence. The only coincidence that ever came in here was the appearance of Jesus in my puzzle. So what we do is we take these things, and let's start shifting them. We'll first row. We'll leave 1, 1, 2, 3, 5, 8, 13, and 21. And if we have that as a starting position up top, we have 16, so 21 becomes what? Mod 16. Yep, comes 5. We shift these things over a little bit, and this guy wraps it all the way around, and you get this. And now, if we take out the G mark, and the Bruce and Heidi, you see one extra letter per column. Why would you think they just happened to distribute perfectly and they won each per column? They probably needed something to get there, right? Each column gets a spare letter, so what do you think I might do with a column? Come on, let's assume Goody's up here. Anyone? Bueller? Bueller? Anyone? There's a pattern, but it's padded. I already padded, so what do I do with it? Now it's padded. Come on, you guys got a lot of it in crypto puzzles. 
You got to think like a cryptographer. It's already aligned. We already realigned them. We padded it, and we're ready to go ahead and solve it. Okay. Give me $20. That's a negative puzzle. Steganography. No, it's not steganography. We go ahead and turn them into numbers so we can then do what to the numbers? Add them together. Who said that? Alright, come on up and help yourself with some really cool NSA swag, because letters don't add very well in your head, but numbers add pretty nicely. And so if we add by column, what do you think we get? Well, we get big numbers. Like these. Have problems making decisions? Well, yes and no. Okay, so we add up all these columns. We get 16 different columns. We get all these answers. Well, what do we do with the sum? They're too big. What's the 113th letter of the alphabet? We don't have one. So what do you think we do with them? We got 26. We got 26 of them. And now we go ahead and get these numbers. Alright, what do we do with those numbers? Turn them back into letters. Wow, we're doing great. Okay, this is like a really tough code. So take all those numbers. Turn them into letters. And this became the final pig Latin puzzle. The person who came up with the solution, they won round-trip ticket to come out here. By the way, the very lame ShmooCon badge puzzle, which was weird because it involved like a PDP-8 paper-tape punch, and you had to assemble it. And you ran the program on a PDP-8 simulator. You had to take the output and run it through like some Enigma simulator, and then you got some answer. And they gave you an 8-gig memory stick. It's like, dude, do my puzzles. They pay better. Who kind of sick-mind? This was at Bruce and Heidi's paper, a squared paper here. Actually, they didn't have any. I asked if they had any graph paper. He went out and he downloaded graph paper off the Internet. And that's what we get. Coming up with the puzzle, there's the original notes. It's not too tough, but you want to make it interesting. 
You want to put enough phases and stages in there and things like that. So anyway, the same sick-mind that came up with that came up with this one. Today's puzzle for today, tomorrow and Sunday to see if you can win it. It's a DEF CON level challenge, but it's a good one. It's an easy one, and you know as you make progress because all of a sudden, like a tumbler, it clicks, it unlocks. It's not like you have to get all the pins before all of a sudden you figure it out, like my ninja badge. But you'll get there from here. And so here's the first important hint. Look for gold on the DCCD. I think everybody knows what I'm talking about, right? What's the DCCD? All right, good. So you're not asleep. I got mine out here somewhere. So look for gold on it. That'll get you going. I'm going first. You don't have a laptop. That's a little bit of a tough puzzle, but... Anyway, I'm sure you could borrow one. Don't they have the hotel, the little lobby where you can go ahead and use your computer to book things like that? They don't really care if you put a DEF CON CD in there. But what I am doing is I'm going to go ahead and start posting clues on Twitter. So G under bar mark. By the way, if anybody can get the guy in Japan who owns G mark to give me his Twitter account without getting me in legal trouble, let me know. I'll be very thankful for it, but there's some guy who just keeps tweeting over there and he doesn't want to swap out accounts. But follow me at G under bar mark and I'll go ahead and give you clues for this. QuahogCon, anybody go to that? Up in Rhode Island. I didn't go to it. I couldn't make it. I was triple booked that weekend. So I came with a puzzle for him. Figure Rhode Island, a lot of water, nautical flags, navy guys. Navy puzzle. Anybody know read signs, read flags? That major diagonal left to right on the left. What do you think that spells? Take a guess. No, it's nine letters long on the diagonal. Drink. Q, U, A, H, O, G, C, O, N. 
QuahogCon, around here and around there. And on the back page of the program, you had all those different flags. Well, what am I going to do with the stuff on the left? How does that help solve the thing on the right? Okay, I turned the flags into letters. And then what do I do? Turn them into numbers. And then what do I do? Don't add them because I got a lot of blank spaces. Don't you ever read the paper? What do you do with the nine by nine grid when you've got some spaces with numbers and some don't have numbers? Oh, wow. How about that? Then what happens if you think you add those two together? You get a message. See, it's pretty easy. By the way, nobody got it at the con. Somebody had to solve it. They raced against Dave at home. Where are you? Over there. Yeah. This guy sitting at home said, oh, it took me an extra hour. I had to go feed the baby. It's like, blame. But he got it. So these things are a lot of fun. ShmooCon, this year. Here's what we did. Lots of badges. Anybody went to ShmooCon? You saw these four tuples of numbers. Up to six decimal points, to six decimal points, integer, integer. What do you think these might be? How often do you see numbers to six decimal points? What do you think that might be? Coordinates. Coordinates. Right. What kind of coordinates? Yeah, lat and long. GPS. So you take that. What about the next one? 3, 4, 5. 1, 1, 4. What could those possibly be? Area codes. Ah, it could be area codes, but 1, 1, 4 is not an area code, so drink. It could be flight number, room number. It could also be what? Direction. Direction. Yeah, exactly. A compass direction. The last one is, well, the distance. In miles, nautical miles. Oh, it fell off the end of the map here. And so it turns out that if you go ahead and you take all these things and you look at the lat and long, you happen to find two in Google Maps an airport at each of those locations. 
And if you travel in the direction and speed from that to the next airport, it takes you to the next airport. So it helps you get them in the right order. And if you look at the three-letter airport codes and you string it all together, it makes a message. And so you win. So you don't have to go yet because we've got two more minutes and it'll get you out of here on time. So anyway, I'm going to be here. I'll answer your questions for you for the next couple of minutes. Got pretty for the next one, but I want to thank you for telling us for the crypto. Here's our bar mark. Basic maneuvers are all here. Look for gold on the DCCD and go ahead and win some of my plane tickets just like you can win Ben Stein's money. Thank you very much. Hope you have a great time.
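The parity scan from the DES key story in the talk, written out as an added example (not code from the talk or the speaker): every byte of a DES key conventionally carries odd parity, so a key stored inside a data block shows up as eight odd-parity bytes in a row. The 4096-byte blob, the seed and the key offset are constructed for the demonstration; each candidate offset would still have to be confirmed by a trial decryption.

```python
import random

KEY_LEN = 8  # a DES key is 8 bytes: 56 key bits plus one parity bit per byte


def has_odd_parity(byte: int) -> bool:
    """DES convention: every key byte contains an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1


def set_odd_parity(raw: bytes) -> bytes:
    """Set the low (parity) bit of each byte so the byte has odd parity."""
    out = bytearray()
    for b in raw:
        b &= 0xFE                      # clear the parity bit
        if not has_odd_parity(b):      # even so far: parity bit must be 1
            b |= 0x01
        out.append(b)
    return bytes(out)


def candidate_key_offsets(blob: bytes) -> list[int]:
    """Return every offset where 8 consecutive bytes all have odd parity."""
    hits, run = [], 0
    for i, b in enumerate(blob):
        run = run + 1 if has_odd_parity(b) else 0
        if run >= KEY_LEN:
            hits.append(i - KEY_LEN + 1)
    return hits


def build_constructed_blob(size=4096, key_offset=2731, seed=1988):
    """Constructed sample: random filler with one parity-correct key inside."""
    rng = random.Random(seed)
    blob = bytearray(rng.getrandbits(8) for _ in range(size))
    key = set_odd_parity(bytes(rng.getrandbits(8) for _ in range(KEY_LEN)))
    blob[key_offset:key_offset + KEY_LEN] = key
    return bytes(blob), key, key_offset


if __name__ == "__main__":
    blob, key, where = build_constructed_blob()
    hits = candidate_key_offsets(blob)
    # A random 8-byte window passes with probability 1/256, so a 4 KB block
    # leaves only a handful of offsets to try instead of thousands.
    print(f"{len(blob)} bytes, {len(hits)} candidate offsets")
    print("stored key among candidates:", where in hits)
```
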