Become a fan of Slashdot on Facebook


Forgot your password?
Encryption United Kingdom

GCHQ Challenge Solution Explained 107 107

First time accepted submitter DrDevil writes "The British spy agency GCHQ recently published a puzzle at (as featured on Slashdot), now just a few days later an academic at the University of Greenwich in England has posted a full video explanation of the puzzle. The puzzle has three stages and is not at all simple — likely to challenge even the best computer science graduates."
This discussion has been archived. No new comments can be posted.

GCHQ Challenge Solution Explained

Comments Filter:
  • Re:Opaque (Score:5, Insightful)

    by (660144) on Sunday December 04, 2011 @02:11PM (#38258372) Homepage

    The ability to recognise codes is precisely what they were testing.
    If they had used a week cryptography code everyone would have cracked it, if they had used a strong code no one could (at least no one who didn't already work for their competition).
    Utilizing an unexpected but extremely common code seems to be a nice solution.

  • by dachshund (300733) on Sunday December 04, 2011 @02:36PM (#38258566)

    didn't realize that reversing IA-32 excutables was the modern meaning of cracking a code. I figured it would be difficult and possibly even rely on dictonary attack of a cryptographic hash, but IA-32 machine code?

    For better or for worse, modern intelligence agencies are much more dependent on people who can RE software and develop exploits, than they are on pure cryptographers.

    This is a consequence of the rolling disaster that is software security, combined with the fact that crypto folks have (mostly) gotten their act together.

  • by wierd_w (1375923) on Sunday December 04, 2011 @02:41PM (#38258592)

    This is an intelligence agency, and network intrusion programs pumping executable code in the attempt at smashing a stack and jumping execution are pretty common.

    Perhaps they want people who can quickly spot x86 assembly payloads from raw packet traces as part of a counter aggression op?

    If we assume that their network stack isn't riddled with exploitable stack variables or pointers, and that they successfully prevent the code from running, but log the unrequested network access and dump the binary packets to file for analysis, then having people that can "at a glance" determine what kind of data is in those dumps would be valuable.

    Being able to determine what it actually is supposed to do even more so.

    With the recent hysteria over scada system cyber attacks (I hate that phrase btw..),setting up a fake scada system as a honeypot and seeing what the cat drags in could also make use of this skillset.

    So, the obvious questions:

    Does the UK fear it has poorly secured scada systems, or does it fear network worm intrusion on some network segement, and if so, what segments or systems are those?

  • by dnewt (2457806) on Sunday December 04, 2011 @08:43PM (#38261490)
    Unless you're intimately familiar with the tasks undertaken by GCHQ analysts such as the one this test is recruiting for, I think it's hard to say for sure whether the test was, in fact, good or bad. The thinking behind why some elements of the test were designed the way they were may not be immediately obvious. Having said that, I do wonder whether GCHQ would put their best minds to task working on devising a top rate recruitment puzzle. With the current international climate, combined the the current economic climate, I'd hazard a guess that their time is rather precious ;)

% APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis