impossible-challenge.md

If it's so easy to guess a uuid, here you go

I ran crypto.randomUUID() twice on my machine.

The first ID was 15041508-fd38-4eda-bc1d-7b74e4738cd9

The second? That's your challenge.

I encrypted a text file with the following command:

openssl enc -aes-256-cbc -salt \
  -in impossible-challenge.txt \
  -out impossible-challenge.txt.enc \
  -pass pass:{2nd-uuid-goes-here}

If you can crack this UUID, I'll give you $1,000.

Tbh it will probably easier to brute force the decryption than to guess the right ID.

glhf 🫡

URL: https://ezkf3xv6eh.ufs.sh/f/3odeDX4eRzTNTR6yUXl7hyMRY9qSDBodia428EnbJtWKgZzp

Hey guys, ive made some pretty ground breaking discoveries haha, currently running this on a i9 12900k at 4.3ghz which is 24 threads, but wait im also using a GTX 1650 S, i see the twitter post only 2 hours ago sadly, but in the 2hrs ive manged to HIT a AVG OF 1.82B/sec

I plan to upgrade the gpu maybe tomorrow if i find a good deal.
So technically this is now possible ? with a super computer? the answer is NO ...
doesn't mean this isnt possible, because this doesn't account for the probability of luck

Is this the correct UUID?

wtf is going on here.

Pro tip: If you switch to quantum brute-forcing, you might shave it down to a mere 10²⁰ years. Let me know when you’ve got a working qubit array handy.

Is this the correct UUID?

@t3dotgg

Is it the correct one?

Is this the correct UUID?

@t3dotgg

Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

Is this the correct UUID?

@t3dotgg
Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

The words from the decrypt must be valid English

checking

Is this the correct UUID?

@t3dotgg
Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

Saw the tweet in transit, still in transit.

is the content of the file "The quick brown fox jumps over the lazy dog"?

Guys I think I found it, is it 892ca870-c4bf-4d1b-9ebe-c98003454635?

Oh shit wrong account

hello from stream

Thank you @t3dotgg i had the time of my life. i feel like we need to sign a yearbook or something

We.re.gonna.be.friends._.mp4

Theoretically, and that caries a lot of meaning in this sentance, if you knew a way to predict openSSL's RAND_bytes method's next output from it's previous few inputs. In this case [21, 4, 21, 8, 253, 56, 78, 218, 188, 29, 123, 116, 228, 115, 140, 217]. You could get the next few bytes, meaning you could know what the rest of node's uuidData variable is filled with, meaning you could convert that to hex and format it into a UUID. Only issue is the whole predicting openSSL's RAND_bytes method's next output.

My very smart friend solved this challenge and called me over to show me the solution. But when I got there, the police was all over, and I heard he was shot dead. Apparently he hacked into NSA or something.

The bastard had a failsafe that wiped his computers clean with the DoD 5220.22-M algorithm. Now there's no chance of getting that solution.