
Last year we published some crypto challenges to keep you momentarily occupied from the festivities. This year, we're doing the same. Whether you're bored or just want to learn a bit more about the technologies that encrypt the internet, feel free to give these short cryptography quizzes a go.
We're withholding answers until the start of the new year, to give you a chance to solve them without spoilers. Before we reveal the answers; if you manage to solve them, we'll be giving the first 5 people to get the answers right some Cloudflare swag. Fill out your answers and details using this form so we know where to send it.
Have fun!
NOTE: Hints are below the questions, avoid scrolling too far if you want to avoid any spoilers.

Challenges
Client says Hello
Client says hello, as follows:
00000c07ac01784f437dbfc70800450000f2560140004006db58ac1020c843c
7f80cd1f701bbc8b2af3449b598758018102a72a700000101080a675bce16787
abd8716030100b9010000b503035c1ea569d5f64df3d8630de8bdddd1152e75f
528ae577d2436949ce8deb7108600004400ffc02cc02bc024c023c00ac009c0
08c030c02fc028c027c014c013c012009f009e006b0067003900330016009d
009c003d003c0035002f000a00af00ae008d008c008b010000480000000b
000900000663666c2e7265000a00080006001700180019000b0002010000
0d0012001004010201050106010403020305030603000500050100000000
001200000017000052305655494338795157524c656d6443436c5246574651
675430346754456c4f52564d674e434242546b51674e513d3d
[Raw puzzle without text wrap]
Time-Based One-Time Password
A user has an authenticator device to generate one time passwords for logins to their banking website. The implementation contains a fatal flaw.
At the following times, the following codes are generated (all in GMT/UTC):
- Friday, 21 December 2018 16:29:28 - 084342
- Saturday, 22 December 2018 13:11:53 - 411907
- Tuesday, 25 December 2018 12:15:03 - 617041
What code will be generated at precisely midnight of the 1st of January 2019?
RPKI
At Cloudflare, we just setup RPKI: we signed a few hundred prefixes in order to reduce route leaks. But some of the prefixes hide a secret message. Find the ROAs that look different, decode the word!
Hints
Client says Hello
This challenge has 3 hints, as follows:
- Challenge is based on a network capture
- https://blog.cloudflare.com/encrypted-sni/
- What's weird about the Frame?
TOTP
The Time-Based One-Time Password Algorithm is described in RFC 6238, which was based of RFC4226 (providing an algorithm for HOTP). The TOTP algorithm requires input of two important parameters, the time and a shared secret - could one be missing?
The implementation used to generate the TOTP codes for the challenge uses SHA-1 as a digest algorithm.
RPKI
This challenge has 4 hints, as follows:
- Hint #0: Four or six? Probably six.
- Hint #1: If only there was a way of listing only our IPs!
- Hint #2: What is the only part of the ROA where we can hide information into
- Hint #3: Subtract the reserve, the char will show itself
Solutions
Stay tuned!
Interested in helping build a better internet and drive security online? Cloudflare is hiring.