By Narcissus


The link leads to a site with info about time-based side-channel analysis and a password box:


The challenge is straightforward: Find the password using calculation speed from the server.

Starting with 0000000000 we got the message Password verification failed. Processing time 275 microseconds. We kept changing the first number until we got a spike, so at 8000000000 we got Password verification failed. Processing time 499 microseconds.

We continued this method until we got 8105237467 and the following new box:


We could have written code to do this, but why bother? 😜

The password was checked digit by digit. That means that the moment it sees a charactar that shouldn't be there it returns an error. Using this we knew to look for a longer processing time each try and finally get the flag: BSidesTLV{7456urtyifkygvjhb}