Commit Graph

13 Commits (b4c814c5f0a9722ba9dfb5a5bfd9f8f12d9a510c)

Author SHA1 Message Date
SI b4c814c5f0 bump the version number up: v0.5 2024-04-05 16:52:07 +02:00
SI d451db0137 implement an option to reject non-checksum addresses put in the contestant's address field 2024-04-05 16:43:03 +02:00
SI 410bc147de add some field value length limits 2024-04-05 02:50:03 +02:00
SI 495e871d1a update the input field's acceptable-pattern to allow only printable ASCII, and tweak the (recommended) field width 2024-04-05 02:43:29 +02:00
SI 1eb8b5d97e test the contestant address field for validity 2024-04-05 02:26:00 +02:00
SI 512ecf13d6 use "1 + (h mod (n - 1))" instead of "mod n" to cast a hash to a private key
a private key must be in range [1, n - 1]

this change neatly eliminates the scenario where the private key value ends up being 0, though it was extremely unlikely to occur in the first place (and could not even be easily forced)

this changes the encoding -- players need to use the same encoding for submissions as the one used to post challenges
2024-04-05 01:40:07 +02:00
SI 470a92264d allow only printable ASCII characters in flag strings 2024-04-04 02:34:13 +02:00
SI 1eabc67732 don't take the raw flag string as the private key, process it through Keccak-256 for proper diffusion
this alleviates the need to manually write flags that are 64 characters long to protect against cryptanalysis

this changes the encoding -- players need to use the same encoding for submissions as the one used to post challenges
2024-04-04 02:21:47 +02:00
SI 0a7fca68dd ensure that the flag field is formatted as CCTF{...}, otherwise treat it as invalid 2024-04-04 02:16:55 +02:00
SI c186f2b318 properly handle the case where the (flag-derived) key is invalid (e.g., namely, unpopulated field)
this practically rewrites the JavaScript code in the index.html file

now the tool works without manual intervention
2023-11-22 20:10:27 +01:00
SI d2a8c1eba8 rewrite pattern using \{ instead of [{] 2023-11-21 02:12:47 +01:00
SI c7cdc0631d add type="text/javascript" to <script>s 2023-11-21 02:12:07 +01:00
SI 5afb8c91ca implement a proper flag encoder tool as an HTML+JS app 2023-08-20 01:20:23 +00:00