impossible-challenge.md

If it's so easy to guess a uuid, here you go

I ran crypto.randomUUID() twice on my machine.

The first ID was 15041508-fd38-4eda-bc1d-7b74e4738cd9

The second? That's your challenge.

I encrypted a text file with the following command:

openssl enc -aes-256-cbc -salt \
  -in impossible-challenge.txt \
  -out impossible-challenge.txt.enc \
  -pass pass:{2nd-uuid-goes-here}

If you can crack this UUID, I'll give you $1,000.

Tbh it will probably easier to brute force the decryption than to guess the right ID.

glhf 🫡

URL: https://ezkf3xv6eh.ufs.sh/f/3odeDX4eRzTNTR6yUXl7hyMRY9qSDBodia428EnbJtWKgZzp

Is this the correct UUID?

wtf is going on here.

Pro tip: If you switch to quantum brute-forcing, you might shave it down to a mere 10²⁰ years. Let me know when you’ve got a working qubit array handy.

Is this the correct UUID?

@t3dotgg

Is it the correct one?

Is this the correct UUID?

@t3dotgg

Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

Is this the correct UUID?

@t3dotgg
Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

The words from the decrypt must be valid English

checking

Is this the correct UUID?

@t3dotgg
Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

Saw the tweet in transit, still in transit.

is the content of the file "The quick brown fox jumps over the lazy dog"?

Guys I think I found it, is it 892ca870-c4bf-4d1b-9ebe-c98003454635?

Oh shit wrong account

hello from stream

Theoretically, and that caries a lot of meaning in this sentance, if you knew a way to predict openSSL's RAND_bytes method's next output from it's previous few inputs. In this case [21, 4, 21, 8, 253, 56, 78, 218, 188, 29, 123, 116, 228, 115, 140, 217]. You could get the next few bytes, meaning you could know what the rest of node's uuidData variable is filled with, meaning you could convert that to hex and format it into a UUID. Only issue is the whole predicting openSSL's RAND_bytes method's next output.

My very smart friend solved this challenge and called me over to show me the solution. But when I got there, the police was all over, and I heard he was shot dead. Apparently he hacked into NSA or something.

The bastard had a failsafe that wiped his computers clean with the DoD 5220.22-M algorithm. Now there's no chance of getting that solution.

My very smart friend solved this challenge and called me over to show me the solution. But when I got there, the police was all over, and I heard he was shot dead. Apparently he hacked into NSA or something.

The bastard had a failsafe that wiped his computers clean with the DoD 5220.22-M algorithm. Now there's no chance of getting that solution.

Damn you police! shakes fist

Got Sonnet 3.7 write a bruteforce checker in rust with both CPU multithreading + metal shader for M3 Pro GPU. It's doing ca 30M ops/sec tho I'm too lazy to wait for it.

If anyone's interested, the source code is at https://github.com/EmpiresHQ/bruteforce/ Please donate to charity if it works :)

my single threaded program checks 10M ops/sec... i dont think your code is that optimized