don't take the raw flag string as the private key, process it through Keccak-256 for proper diffusion

this alleviates the need to manually write flags that are 64 characters long to protect against cryptanalysis

this changes the encoding -- players need to use the same encoding for submissions as the one used to post challenges

flag_encoder/index.html

@@ -25,19 +25,14 @@
 
 		function getPrivateKey() {
 			var s = inpFlag.value;
-			var k = new BN(0);
 			var h = "0x";
 			if (s.slice(0, 5) !== "CCTF{" || s.slice(-1) !== "}")
 				return null;
 			for (i in s) {
 				var c = s.charCodeAt(i);
-				k = k.muln(16).addn(c);
 				h += c.toString(16).padStart(2, "0");
 			}
-			if (k.mod(secp256k1n).eqn(0)) {
-				return null;
-			}
-			return h;
+			return "0x" + new BN(keccak256(h).slice(2), 16).mod(secp256k1n).toString(16).padStart(64, 0);
 		}
 
 		function updateOutputValues(ev) {