impossible-challenge.md

If it's so easy to guess a uuid, here you go

I ran crypto.randomUUID() twice on my machine.

The first ID was 15041508-fd38-4eda-bc1d-7b74e4738cd9

The second? That's your challenge.

I encrypted a text file with the following command:

openssl enc -aes-256-cbc -salt \
  -in impossible-challenge.txt \
  -out impossible-challenge.txt.enc \
  -pass pass:{2nd-uuid-goes-here}

If you can crack this UUID, I'll give you $1,000.

Tbh it will probably easier to brute force the decryption than to guess the right ID.

glhf 🫡

URL: https://ezkf3xv6eh.ufs.sh/f/3odeDX4eRzTNTR6yUXl7hyMRY9qSDBodia428EnbJtWKgZzp

Theoretically, and that caries a lot of meaning in this sentance, if you knew a way to predict openSSL's RAND_bytes method's next output from it's previous few inputs. In this case [21, 4, 21, 8, 253, 56, 78, 218, 188, 29, 123, 116, 228, 115, 140, 217]. You could get the next few bytes, meaning you could know what the rest of node's uuidData variable is filled with, meaning you could convert that to hex and format it into a UUID. Only issue is the whole predicting openSSL's RAND_bytes method's next output.

My very smart friend solved this challenge and called me over to show me the solution. But when I got there, the police was all over, and I heard he was shot dead. Apparently he hacked into NSA or something.

The bastard had a failsafe that wiped his computers clean with the DoD 5220.22-M algorithm. Now there's no chance of getting that solution.

My very smart friend solved this challenge and called me over to show me the solution. But when I got there, the police was all over, and I heard he was shot dead. Apparently he hacked into NSA or something.

The bastard had a failsafe that wiped his computers clean with the DoD 5220.22-M algorithm. Now there's no chance of getting that solution.

Damn you police! shakes fist