SSL Challenge [Long form]
[Revised August 19, 1995]
Note: this challenge has been broken! Look for more information on the SSL Challenge Break.
Here is a challenge to try breaking SSL using the default exportable encryption mode, 40-bit RC4. It consists of a record of an actual submission I made of form data which was sent to Netscape's electronic shop order form in "secure" mode. However the data I entered in the form is not my real name and address. The challenge is to break the encryption and recover the name and address info I entered in the form and sent securely to Netscape.
A URL for info on SSL is http://home.netscape.com/newsref/std/SSL.html. A short form of this challenge, without annotations, is here.
Below is the data which was sent back and forth, along with some annotations to help interpret it. The connection was made to order.netscape.com at port 443, the https port. The following is the first message from client to server, the CLIENT-HELLO message. It is not encrypted. 0x80 0x1c 0x01 0x00 0x02 0x00 0x03 0x00 0x00 0x00 0x10 0x02 0x00 0x80 0xaf 0x84 0xa7 0x79 0xf8 0x13 0x69 0x20 0x25 0x9b 0x53 0xa0 0x60 0xae 0x75 0x51 This is interpreted as follows: 0x80 0x1c Length field: 28 bytes follow in the packet. 0x01 MSG_CLIENT_HELLO 0x00 0x02 CLIENT-VERSION-MSB CLIENT-VERSION-LSB 0x00 0x03 CIPHER-SPECS-LENGTH-MSB CIPHER-SPECS-LENGTH-LSB 0x00 0x00 SESSION-ID-LENGTH-MSB SESSION-ID-LENGTH-LSB 0x00 0x10 CHALLENGE-LENGTH-MSB CHALLENGE-LENGTH-LSB 0x02 0x00 0x80 CIPHER-SPECS-DATASESSION-ID-DATA 0xaf...0x51 CHALLENGE-DATA [16 bytes] The only cipher spec sent (and hence supported) by the browser is 0x02 0x00 0x80, which is SSL_CK_RC4_128_EXPORT40_WITH_MD5. No session id is sent, hence new key information will be calculated for this session. And 16 bytes of challenge data are sent in the clear; this will be useful as known plaintext returned encrypted by the server later. The following data is then returned by the server, in the SERVER-HELLO message: 0x82 0x2b 0x04 0x00 0x01 0x00 0x02 0x02 0x0d 0x00 0x03 0x00 0x10 0x30 0x82 0x02 0x09 0x30 0x82 0x01 0x72 0x02 0x02 0x00 0x88 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x30 0x47 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x10 0x30 0x0e 0x06 0x03 0x55 0x04 0x0b 0x13 0x07 0x54 0x65 0x73 0x74 0x20 0x43 0x41 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a 0x13 0x1d 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x30 0x1e 0x17 0x0d 0x39 0x35 0x30 0x32 0x32 0x34 0x30 0x31 0x30 0x39 0x32 0x34 0x5a 0x17 0x0d 0x39 0x37 0x30 0x32 0x32 0x33 0x30 0x31 0x30 0x39 0x32 0x34 0x5a 0x30 0x81 0x97 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x13 0x30 0x11 0x06 0x03 0x55 0x04 0x08 0x13 0x0a 0x43 0x61 0x6c 0x69 0x66 0x6f 0x72 0x6e 0x69 0x61 0x31 0x16 0x30 0x14 0x06 0x03 0x55 0x04 0x07 0x13 0x0d 0x4d 0x6f 0x75 0x6e 0x74 0x61 0x69 0x6e 0x20 0x56 0x69 0x65 0x77 0x31 0x2c 0x30 0x2a 0x06 0x03 0x55 0x04 0x0a 0x13 0x23 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x6f 0x72 0x61 0x74 0x69 0x6f 0x6e 0x31 0x16 0x30 0x14 0x06 0x03 0x55 0x04 0x0b 0x13 0x0d 0x4f 0x6e 0x6c 0x69 0x6e 0x65 0x20 0x4f 0x72 0x64 0x65 0x72 0x73 0x31 0x15 0x30 0x13 0x06 0x03 0x55 0x04 0x03 0x13 0x0c 0x41 0x72 0x69 0x20 0x4c 0x75 0x6f 0x74 0x6f 0x6e 0x65 0x6e 0x30 0x5a 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x01 0x05 0x00 0x03 0x49 0x00 0x30 0x46 0x02 0x41 0x00 0xa5 0xa7 0x7b 0x42 0xb1 0x79 0x2d 0x0b 0x35 0x08 0xb4 0x0d 0x74 0x1d 0x46 0x6a 0x29 0x07 0x47 0x08 0xdc 0x3a 0x76 0x36 0xbd 0x7f 0xb3 0xd4 0xa9 0x85 0x9d 0x4b 0x65 0x74 0xc1 0x00 0x56 0xec 0x5a 0x31 0x72 0x23 0x04 0xc1 0xcf 0x78 0x63 0x21 0x77 0x69 0xd9 0xf0 0x61 0xc8 0x73 0xf7 0xdc 0x4c 0xde 0xd2 0x22 0x99 0x79 0xdf 0x02 0x01 0x03 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x03 0x81 0x81 0x00 0x7e 0x4a 0x28 0x7d 0xba 0xfa 0x41 0x5a 0x19 0x1c 0x9a 0xea 0x6d 0x3b 0x07 0x1c 0x97 0xe0 0xf5 0xf8 0x4c 0xd5 0x92 0x0c 0x1c 0x30 0x49 0x06 0x72 0x42 0x9a 0x3f 0xfc 0x3b 0x11 0x17 0x78 0x7e 0x6c 0x27 0x8a 0x12 0x19 0xf3 0x08 0x18 0x6e 0xe0 0xc3 0xbe 0xe7 0x37 0xbd 0x4e 0xae 0xe1 0x9e 0x4a 0x3b 0xa9 0xbf 0xc0 0x92 0x59 0x2c 0xdb 0x37 0x34 0xc8 0xa0 0xc0 0xba 0xb8 0x6f 0xd3 0xd6 0xc7 0x48 0x88 0xbc 0xd6 0xff 0x7a 0xf7 0x76 0x70 0x2c 0x19 0x07 0xc8 0x7c 0x80 0x29 0x18 0x58 0xfc 0xd1 0x12 0x86 0x99 0x4e 0x32 0xee 0xb9 0xf5 0x11 0x70 0xd5 0x1b 0xf7 0x85 0x5b 0x4a 0x0e 0xd6 0xe6 0x6c 0x52 0xf5 0x8a 0x2c 0x97 0x3e 0x63 0x85 0x57 0x43 0xbc 0x02 0x00 0x80 0xbf 0xeb 0x90 0xf8 0x2c 0x0c 0xe1 0xea 0x18 0xac 0x11 0x4c 0x83 0x14 0x21 0xb6 This is interpreted as follows: 0x82 0x2b Packet length, 555 bytes follow. 0x04 MSG-SERVER-HELLO 0x00 SESSION-ID-HIT 0x01 CERTIFICATE-TYPE 0x00 0x02 SERVER-VERSION-MSB SERVER-VERSION-LSB 0x02 0x0d CERTIFICATE-LENGTH-MSB CERTIFICATE-LENGTH-LSB 0x00 0x03 CIPHER-SPECS-LENGTH-MSB CIPHER-SPECS-LENGTH-LSB 0x00 0x10 CONNECTION-ID-LENGTH-MSB CONNECTION-ID-LENGTH-LSB 0x30...0xbc CERTIFICATE-DATA [525 bytes] 0x02 0x00 0x80 CIPHER-SPECS-DATA 0xbf...0xb6 CONNECTION-ID-DATA [16 bytes] Most of the packet is the certificate. SESSION-ID-HIT is 0 since no session ID was sent by the client. After the 525 (0x020d) bytes of certificate comes the 3 byte code for 40 bit RC4, then the 16 byte connection ID. The main importance of the connection ID data here is that it helps to calculate the session keys as described below. The next message, from the client to the server, is the CLIENT-MASTER-KEY sent mostly in the clear: 0x80 0x55 0x02 0x02 0x00 0x80 0x00 0x0b 0x00 0x40 0x00 0x00 0x0e 0x89 0x94 0xb8 0xbf 0x0e 0xb9 0x2e 0x50 0x44 0x07 0x8c 0x52 0xeb 0xef 0x44 0xc1 0x01 0x4b 0xc1 0x02 0xd2 0x2e 0x37 0x1f 0x1d 0x54 0xc2 0x83 0x45 0x79 0x6b 0xc8 0xe3 0x85 0x17 0xb8 0xd4 0x84 0xc6 0x9f 0xb1 0x6a 0x03 0x2e 0x97 0xae 0x82 0x75 0x10 0xf0 0x7b 0x5f 0x25 0x7b 0x88 0x75 0xc6 0x7a 0x33 0x5f 0xd6 0x96 0x99 0x94 0xd0 0x7a 0x78 0xae 0x50 0x32 0x1a 0xbb 0x66 0x50 It is interpreted as follows: 0x80 0x55 Packet length, 85 bytes follow. 0x02 MSG-CLIENT-MASTER-KEY 0x02 0x00 0x80 CIPHER-KIND 0x00 0x0b CLEAR-KEY-LENGTH-MSB CLEAR-KEY-LENGTH-LSB 0x00 0x40 ENCRYPTED-KEY-LENGTH-MSB ENCRYPTED-KEY-LENGTH-LSB 0x00 0x00 KEY-ARG-LENGTH-MSB KEY-ARG-LENGTH-LSB 0x0e...0x07 CLEAR-KEY-DATA [11 bytes] 0x8c...0x50 ENCRYPTED-KEY-DATA [64 bytes] KEY-ARG-DATA The 11 most significant bytes (88 bits) of "master key" information are sent in the clear as the CLEAR-KEY-DATA. The remaining 40 low-order bits of the 128-bit master key are RSA encrypted using the server's public key, expanding in the process to 64 bytes, and sent as the ENCRYPTED-KEY-DATA. No KEY-ARG-DATA is sent since RC4 doesn't need an initialization vector. Now that these packets have been exchanged, from this point on, all packets are sent encrypted. For each such packet, after the packet length bytes there is a 16-byte Message Authentication Code (MAC). Then comes the body of the packet data. The whole packet after the length bytes, including the MAC and the rest of the data, is RC4 encrypted. Two different session keys are used, both generated from the master key, the 16-byte challenge data, and the 16-byte connection ID data. The CLIENT-READ-KEY, used for data sent from server to client, is calculated as: MD5 (MASTER-KEY, "0", CHALLENGE, CONNECTION-ID). "0" is one byte of 0x30, ascii 0. The CLIENT-WRITE-KEY, used for data sent from client to server, is calculated as: MD5 (MASTER-KEY, "1", CHALLENGE, CONNECTION-ID). "1" is one byte of 0x31, ascii 1. MD5 produces 128 bits of output which are used directly as the key input to the RC4 algorithm. The next message, from server to client, is SERVER-VERIFY. It is sent encrypted: 0x80 0x21 0x37 0x68 0x3a 0x8c 0x7d 0x33 0xb2 0x2f 0xb9 0x66 0xeb 0xd2 0x63 0xcd 0xa7 0xed 0x71 0xa0 0xb6 0x2f 0xb6 0xe2 0x31 0xa4 0x2a 0x81 0xd3 0x25 0x61 0x58 0xbc 0xf0 0xf4 This is interpreted as follows: 0x80 0x21 Packet length, 33 bytes follow 0x37...0xed RC4 encrypted MAC [16 bytes] 0x71 RC4 encrypted MSG-SERVER-VERIFY (0x05) 0xa0...0xf4 RC4 encrypted CHALLENGE-DATA from CLIENT-HELLO message [16 bytes] After the RC4 encrypted MAC comes 17 bytes for which we know the plaintext: the MSG-SERVER-VERIFY byte (which has a plaintext value of 0x05) and then 16 bytes of challenge data from the first client message, all encrypted. These 17 bytes represent known plaintext which can be used to easily check any guessed RC4 CLIENT-READ-KEY. Let me make this a little more clear. After the key setup for the CLIENT-READ-KEY, the first 16 bytes encrypted are the MAC. We don't know the plaintext for those. But for the following 17 bytes we know plaintext and cyphertext. This would probably be the best way to break the cipher through exhaustive search. Here is the data: Plaintext (MSG-SERVER-VERIFY plus CHALLENGE-DATA): 0x05 0xaf 0x84 0xa7 0x79 0xf8 0x13 0x69 0x20 0x25 0x9b 0x53 0xa0 0x60 0xae 0x75 0x51 Ciphertext (from SERVER-VERIFY packet): 0x71 0xa0 0xb6 0x2f 0xb6 0xe2 0x31 0xa4 0x2a 0x81 0xd3 0x25 0x61 0x58 0xbc 0xf0 0xf4 The next message in the protocol is CLIENT-FINISHED, sent encrypted from client to server: 0x80 0x21 0xed 0x59 0x0a 0x2a 0x80 0x50 0x42 0xec 0xcd 0xed 0x6c 0x96 0x0a 0xab 0x5c 0x0e 0xed 0x55 0xc3 0x21 0x6e 0x34 0x26 0x5b 0x46 0x41 0x35 0x51 0xb7 0xaa 0xec 0x57 0x9f This is interpreted as follows: 0x80 0x21 Packet length, 33 bytes follow 0xed...0x0e RC4 encrypted MAC [16 bytes] 0xed RC4 encrypted MSG-CLIENT-FINISHED (0x03) 0x55...0x9f RC4 encrypted CONNECTION-ID from SERVER-HELLO [16 bytes] This is the first message sent encrypted with the CLIENT-WRITE-KEY and could also be used as known plaintext to check a guessed key. The next message is SERVER-FINISHED, sent encrypted from server to client: 0x80 0x21 0x79 0x84 0xc6 0xb6 0xde 0xf4 0x4c 0xd2 0x52 0x56 0xdc 0x58 0x23 0xa0 0xfa 0x4d 0x06 0x7d 0x4c 0x12 0x32 0x32 0xea 0xaa 0x5a 0xb6 0xa7 0xb8 0x1a 0x66 0xeb 0x65 0x56 This is interpreted as follows: 0x80 0x21 Packet length, 33 bytes follow 0x79...0x4d RC4 encrypted MAC [16 bytes] 0x06 RC4 encrypted MSG-SERVER-FINISHED (0x06) 0x7d...0x56 RC4 encrypted SESSION-ID-DATA [16 bytes] The SESSION-ID-DATA has not been previously sent in the clear. It would be used to cache the key info for a future session. From here on out, the handshaking is done. Every message sent will be encrypted and packetized. The first two bytes are packet length, then 16 bytes of MAC, then the data. The MAC and data are RC4 encrypted using either CLIENT-READ-KEY or CLIENT-WRITE-KEY depending on the direction of transmission. This is the first data message from client to server. Presumably it is an http "GET" request, with form information embedded in the URL. This is the main one to try decrypting. The encrypted MAC is in bytes 0x07...0x98 and the first data byte is then 0x6b. 0x82 0xf8 0x07 0x97 0xef 0x99 0x66 0x45 0x48 0x22 0xe4 0xdc 0x31 0xe4 0xf9 0x0b 0xb9 0x98 0x6b 0x99 0x2a 0x09 0x29 0xae 0xa6 0x8d 0xbf 0xb0 0xd3 0xa6 0x83 0xec 0x69 0x1c 0xcc 0x11 0x66 0x84 0x21 0x77 0xfb 0x86 0x73 0x10 0xfb 0xa9 0xe3 0x3b 0x2f 0xd4 0x0f 0xb9 0xbd 0x3f 0xa4 0x0b 0x41 0xd5 0xc9 0x90 0x6d 0xa7 0x34 0x7a 0x5a 0xc1 0x69 0x8d 0xe9 0x64 0xad 0x0d 0xa8 0xae 0x91 0xd1 0xa6 0x70 0xac 0xf9 0xe6 0x11 0x38 0xa0 0xa7 0xd9 0x7c 0xc7 0x18 0x17 0xe2 0x0d 0x8d 0x30 0xb0 0x1c 0x22 0x25 0xa3 0x61 0xee 0xa2 0xca 0xe5 0xf8 0x20 0x5b 0xe1 0x58 0xcf 0xa5 0x21 0xe3 0x23 0xa6 0xfb 0xf6 0x2b 0xba 0x69 0xca 0xa3 0xe6 0x4a 0x47 0x4c 0x77 0xb8 0xc2 0x93 0x8e 0xb7 0x5d 0x17 0x06 0x57 0x19 0x6e 0x00 0x34 0xd6 0xc5 0x64 0x5e 0x23 0x60 0x03 0xf9 0xb2 0x9d 0xee 0xb4 0x83 0x28 0xae 0xfe 0xbb 0xb0 0xe3 0x49 0xfc 0x8f 0x68 0x24 0x51 0x03 0x26 0x8f 0x2b 0xcd 0xc1 0x0c 0x6d 0x79 0xed 0xc4 0x7f 0x3a 0x1e 0x2a 0xc5 0x4e 0xd8 0xe9 0x35 0x27 0xb7 0xde 0x50 0xc3 0xac 0x49 0x84 0x55 0x90 0xa6 0x44 0xcb 0xf7 0xfc 0x69 0xb4 0x19 0xea 0xb6 0xf0 0x72 0x37 0xef 0xfc 0xdf 0x20 0xaf 0x34 0x10 0xa8 0xf9 0xc2 0x74 0xa8 0x64 0xb2 0xd5 0xe9 0x25 0xd8 0xf2 0xca 0xf6 0xb6 0xa0 0x35 0x6f 0x3c 0x6c 0x4c 0xc6 0x99 0x4e 0x51 0xc4 0x5c 0x32 0x8e 0x0b 0x7c 0x59 0x7b 0xda 0x19 0x3f 0x89 0x7b 0xd3 0x33 0x9c 0x2d 0x20 0x46 0x59 0x26 0xb4 0x20 0x61 0x54 0x49 0xb8 0x71 0xa4 0xde 0x2b 0x7b 0xf3 0xdd 0xb2 0x64 0xa1 0x1a 0x39 0x4b 0x50 0x20 0x21 0x6a 0x9c 0x3d 0x34 0xaf 0x91 0xf4 0x2e 0xe1 0x4c 0x74 0x6a 0xed 0x4e 0x18 0x3d 0x11 0xe5 0xa9 0xf6 0x87 0xb3 0x7a 0xf0 0xf1 0x5e 0x9b 0x9c 0x1f 0xc0 0x44 0x72 0xdc 0xc3 0xe9 0x62 0x88 0x0b 0xec 0x3c 0x71 0x29 0x99 0xac 0xfa 0x1f 0x31 0xdd 0xae 0x5f 0x84 0x3c 0x16 0x04 0xdb 0x9d 0x4b 0xbb 0xdf 0x6c 0x32 0x0e 0xa0 0xe7 0xa0 0xdc 0x6a 0xa5 0x49 0x12 0xd7 0x59 0xce 0x3c 0x5d 0x36 0x46 0xbf 0x0b 0xcb 0xf7 0x0e 0x41 0x50 0x37 0x53 0xb5 0xdf 0x6d 0xc0 0x7e 0x7f 0x35 0x75 0xf5 0xec 0xad 0x40 0xb5 0x69 0x3c 0xb7 0x5c 0x44 0x0b 0x48 0xe6 0x07 0x41 0xb8 0x4c 0x9d 0x2c 0x4c 0xdf 0xf3 0xa7 0x15 0xcf 0x12 0xdd 0x11 0xcb 0xeb 0x3b 0x89 0x11 0x2e 0x6b 0x84 0x1a 0x3d 0xd9 0x25 0xa2 0x51 0xed 0xdf 0x93 0x76 0x86 0xc4 0xa4 0xcb 0xe8 0x5c 0xd8 0x7a 0x41 0x7d 0xc8 0x70 0xa1 0x0c 0xa1 0xd8 0xda 0xe2 0x75 0x05 0x0b 0x0b 0x83 0x3c 0x6c 0x71 0x13 0x42 0x19 0xcd 0x5d 0xd0 0x99 0x7b 0x24 0xc9 0x7b 0xc2 0x1c 0x2e 0x6e 0x78 0xe0 0xad 0x7f 0x7b 0x4b 0x50 0x33 0x7e 0xa0 0xb9 0x93 0xf4 0x75 0x39 0x50 0x41 0x41 0xe3 0x2b 0x0f 0xf1 0xf3 0xbc 0x84 0x9d 0x6f 0xa7 0x27 0xa7 0x58 0x55 0x8d 0xc7 0xf1 0xa1 0xb8 0x60 0x6f 0x0f 0x19 0xac 0xea 0xef 0x2c 0xba 0x90 0x9b 0x79 0x7b 0x61 0x54 0x03 0xf6 0x92 0x10 0xb4 0x9c 0x78 0x85 0xf3 0x7b 0x3f 0x0e 0xf9 0x8e 0x3d 0xa3 0x43 0xab 0xf4 0x33 0xa4 0x55 0x4b 0x86 0x50 0x75 0x93 0x3a 0x50 0x24 0xae 0x70 0x0c 0xde 0xa7 0x52 0x28 0x43 0x07 0x35 0x5c 0x5a 0xeb 0xc0 0xe1 0xba 0x8c 0xcd 0x76 0xdc 0x07 0x1f 0xa4 0x57 0xdd 0x18 0xa3 0x4e 0xc3 0xf3 0x7b 0x2d 0x0e 0x6b 0xb9 0x92 0xc1 0xfb 0x54 0xc8 0xd7 0x33 0x31 0x43 0xe1 0xce 0xb5 0x89 0xbd 0x0d 0x4e 0x14 0xbc 0x64 0xc5 0xf6 0x28 0x58 0x84 0x64 0xe7 0x8c 0xb2 0xa9 0xd2 0x0b 0x9f 0x1c 0x28 0xfd 0x95 0x93 0x8e 0x51 0x9a 0x5b 0xeb 0x0d 0x51 0x60 0x93 0x35 0x7c 0x59 0x7d 0x6f 0x37 0xbd 0xa4 0x9b 0x2d 0x4f 0x75 0x92 0xbe 0x85 0xc6 0xc3 0x68 0xf6 0x41 0xcc 0x51 0x4c 0xfc 0xda 0x21 0xc3 0x77 0xc1 0xe2 0x79 0xe8 0x0d 0xc7 0x26 0xc3 0x14 0x9e 0x48 0x2f 0xa4 0x95 0x21 0x24 0x61 0x31 0xd5 0x3b 0x14 0x42 0x45 0xd1 0x6d 0x90 0xfe 0x72 0x28 0xa7 0x81 0xe9 0x07 0x47 0x8a 0x0d 0xda 0x08 0x99 0xbc 0x76 0x42 0xec 0x0b 0xfd 0xeb 0x69 0x47 0x58 0xd7 0x81 0x6b 0x71 0xf6 0xb6 0xbe 0xcd 0x4e 0x29 0xd9 0xdb 0xc8 0x12 0x5c 0x46 0xa0 0x3c 0x5b 0x57 0x2b 0x59 0x92 0x36 0x3c 0x6a 0xc3 0x4a 0x13 0x41 0x34 0x2f 0x12 0x13 0xa2 0x51 0xfb 0xf2 0xe0 0x0b 0x2f 0xfc 0x14 0x25 0xad 0x60 0x3a 0x35 0x62 0x7e 0xd2 0x11 0x4c 0x4a 0x29 0xa4 0xca 0x44 This is the first data packet response from the server: 0x80 0x84 0x16 0xc9 0xe0 0x80 0xd6 0x0b 0x4e 0xd8 0xfe 0x00 0xce 0xe2 0x07 0xe1 0xec 0xb9 0x03 0xa8 0x51 0x0b 0xc9 0xd5 0xd9 0x27 0x59 0x07 0x83 0x0c 0x2b 0x75 0x24 0x50 0xcf 0x0c 0xd2 0x8e 0x7b 0xbc 0xbe 0x65 0x48 0x23 0xc9 0xdb 0x82 0x2f 0x54 0x50 0x3b 0xf2 0x50 0xd3 0x15 0x30 0xec 0x78 0xa2 0x61 0x09 0x9a 0x2a 0xc8 0x9c 0x07 0x67 0x70 0x44 0x46 0xca 0xe4 0x65 0x1a 0x0e 0xd9 0x2a 0x77 0xeb 0xc1 0x7e 0x37 0x83 0x43 0x2e 0x26 0xde 0x5f 0x9d 0xa3 0x31 0x87 0xf2 0xe1 0x4f 0x67 0x8d 0xfc 0x4f 0x3f 0x00 0x2c 0x40 0x70 0x34 0x2b 0x62 0x80 0xcf 0x0d 0x93 0xff 0xc9 0x5e 0xd2 0x21 0xf6 0xa4 0xf4 0xd7 0x13 0x13 0x59 0x44 0x6c 0xd1 0xd1 0x05 0x8f 0x5f 0x15 0x10 0x08 0xed Here is the second data packet response from the server: 0x81 0x04 0xc9 0x4c 0x54 0xcb 0x2c 0xe0 0x8e 0xf9 0x13 0x31 0xb4 0xf1 0x82 0x92 0xd3 0x65 0xc9 0x45 0x7e 0x0f 0x8e 0x54 0x4f 0x7f 0x35 0xc8 0x20 0xa8 0x55 0x18 0x1e 0x27 0x5d 0x6a 0x53 0x79 0xd2 0x2e 0x01 0x5d 0x06 0x25 0x6f 0xaa 0x49 0x68 0x73 0x4e 0x35 0x6b 0x87 0x47 0x6d 0x26 0xb6 0xb0 0x1e 0xd0 0x96 0xd5 0xe6 0x4f 0x94 0x10 0x9f 0x5f 0x83 0x7e 0x0c 0x67 0x36 0x82 0xce 0xcb 0xb1 0xd5 0xc9 0xf9 0xf5 0x32 0xa9 0xf3 0x31 0xbf 0x40 0xe4 0xa6 0x24 0x0e 0xc3 0xfe 0x61 0x24 0x59 0x9d 0x85 0x35 0x0d 0x7d 0xbe 0x16 0x0b 0x8a 0x98 0x74 0x7b 0x5a 0x37 0x73 0x30 0xd9 0x66 0x6c 0x65 0xaf 0xd4 0xc7 0x2a 0x8f 0x14 0xe3 0xf6 0x06 0x63 0x19 0x53 0xc5 0x9a 0x69 0x63 0x29 0x04 0x7a 0x28 0x0e 0x7b 0x17 0xf3 0x60 0xee 0x9d 0xbd 0xe5 0x00 0x0a 0x9d 0x1b 0xc5 0x26 0x93 0x19 0x78 0x43 0x2f 0xe4 0x9a 0x27 0x3c 0x13 0x03 0x9c 0xab 0xad 0xad 0xe1 0xbd 0x8b 0x7c 0x04 0x74 0x7e 0x08 0x50 0xa6 0x19 0x28 0xb7 0x6c 0xbe 0x2b 0x48 0x14 0xd2 0xcb 0xa6 0xad 0x69 0x41 0x31 0x93 0x3a 0x8d 0x87 0x78 0x80 0xc1 0x85 0xa5 0x7a 0x79 0xd1 0x55 0xca 0xb8 0x94 0x0b 0x65 0x3e 0xf2 0x51 0x8d 0xae 0x89 0x87 0x96 0xae 0xd5 0x4d 0x2f 0x14 0x66 0xe6 0xcc 0x63 0x2f 0x50 0x98 0x98 0x59 0xfa 0xf6 0xeb 0xb6 0x44 0x9d 0xc2 0x6c 0xe2 0x7d 0xc9 0x47 0xfa 0x3d 0xa4 0x6b 0x71 0x52 0xcc 0x15 0xdf 0xb3 0x92 0x3f 0x67 0x8e 0x9e 0x84 0xd6 0x39 0xa0 This ends the communication. To try to attack this, the most effective approach would be to calculate CLIENT-READ-KEY by trying all possible values for the 40 least significant bits of the MASTER-KEY, and feeding that into the MD5 formula. Then use the known plaintext in the SERVER-VERIFY message to check the result. Once the proper 40 bit value is found, CLIENT-WRITE-KEY can easily be calculated and the data messages decrypted. Good luck! Hal Finney hal@rain.org