</CaptureTheFlag> (stripe.com)
84 points by janzer on Sept 6, 2012 | 20 comments


It would be nice if the CTF site could be kept alive (meaning you can still solve the puzzles and move up in levels) for another month or so. Not as a 'competition', as it was, but just to allow more people to fiddle with it. I got in late and couldn't afford to spend a whole day cracking but I'd love to play some more if it opens again.


I very much agree, I didn't have enough time that week so I only got to level 5 but I would love to try and complete the rest of the levels!


It was a very well executed event. The levels were well designed and the complexity increased at each level. I couldn't capture the flag (got stuck at level 8), but it was a week in which I learnt a lot. Kudos to the Stripe team for organizing such an event.


To me, the chart-as-written says that the average time per level for people who reached only level 7 was ~18h, and for people who reached level 8 was ~36h? That would mean level 8 took on average 8x36 - 7x18 = 162 hours to complete...

Does it mean average total time, separated out by the max level reached (so, level 8 took at least 36-18=18 hours on average, but probably more)? Or does the level on the x axis mean "max level reached" for the number of people (dotted line), but "level" for the average time, so that it's just directly 36h average?

It's further complicated because the clock kept ticking even when people took breaks to sleep and go to work, so I don't even know what to expect. To be fair, it has been ~360h since the competition began.

Someone help me...


No, it's both the number of people that reached a level and the average time to complete a level...


It's a dual Y-axis chart.


Well yeah. But (apparently?) the x-axis label only pertains to one of the lines (dotted), while the title pertains only to the other line (solid), but inaccurately! Hence the confusion, and the question: Can you tell me which of the interpretations I suggested for the solid line, which may have an inaccurate title and no x axis label, is correct?


I like it that they especially tailored this for newbies (like me). I learned so much progressing the levels (from nothing). The people at #irc were super helpful too (while not revealing the answer).


Well, there was plenty of answer revealing too..


A collection of the level 8 solutions can be found at https://docs.google.com/spreadsheet/ccc?key=0AqPyYgZlFopxdHB...


This was so much fun. Up to level 8 I really liked the challenges. Level 8? Not so much, it was a bit silly and tedious. Level 7 was way better.


Wow, I felt the exact opposite! Level 8 was really fun for a bunch of reasons. It seemed like a tricky, probabilistic timing thing (despite their many statements to the contrary!) until the eureka hit and you saw the deterministic way forward. Eureka moments like that are fantastic. It was an attack I had never read about or thought about, but which (despite being admittedly contrived) could plausibly exist in the wild. It required writing a real program (which none of the others did). And most importantly, it was awesome to see the numbers spin and lock into place, just like they do in the movies :)

Level 7 (which I really liked too!) was boring compared to that - either you knew about that specific hash attack or you didn't, and once you found out what it was meant to be, you just had to modify some stuff in a python repl to make it work.


Is it still possible to work through the exercises or was it a time limited thing?


You can get the source:

https://github.com/stripe-ctf/stripe-ctf-2.0/tree/master/lev...

Don't know if it's dependent on any particular server config though. A VM Image might be nice.


You should be able to run most challenges just fine, I guess.

Dependencies are noted per level and easy to get on most systems, I assume (i.e. python or ruby plus some extras. 4/6 need phantomjs as well for the bot).

I really think VMs (or even a single one) would be overkill.


I was very happy when I finally completed it :) Excited to get my shirt.


If only I'd known about the SHA1 padding thing :(


I've heard about that on HN. In the article referenced here: http://news.ycombinator.com/item?id=910203


Yeah that's where my knowledge ran out. Still feel pretty good about finishing everything up to level 7 on my pretty vague understanding of various attacks :)


Well, Google/Wikipedia is your friend in things like this.



