# RSA

Very Smooth - picoCTF 2022

**vulnerability: factorisation with Pollard’s p-1 algorithm**

Lorge - Imaginary CTF 2022

**vulnerability: factorisation with Pollard’s p-1 algorithm, but largest prime factor of p-1 and q-1 is the same**

One Step Closer - HTB Cyber Apocalypse CTF 2022

**vulnerability: affine padding (allowing Franklin-Reiter attack)**

DeLorean - HTB

**vulnerability: non-prime e and gcd(e, phi) is power of 2**

easyRSA - DASCTF 2022

**vulnerability: non-prime e and gcd(e, p-1) = 1**

baby RSA DICECTF 2022

**vulnerability: e | (p-1) and e | (q-1)**

Information Paradox - Space Heroes CTF 2022

**vulnerability: partial PEM private key**

Key Recovery - San Diego CTF 2022

**vulnerability: partial OpenSSH private key**

PSYDUCK - squeamishossifrage

**vulnerability: upper bits of p given**

DELIBIRD - squeamishossifrage

**vulnerability: common modulus attack**

MAGIKARP - squeamishossifrage

**vulnerability: e=1**

VULPIX - squeamishossifrage

**vulnerability: low Hamming weight**

LUDICOLO - squeamishossifrage

**vulnerability: ROCA attack**

Can’t Login - Incognito CTF 2022

**vulnerability: common ssh-key password**

Cookie Lover - HackIM CTF 2022

**vulnerability: signature oracle**

rsa_leak - ACTF 2022

**vulnerability: LSB attack**

Refactor - ASIS quals 2023

**vulnerability: multiple of phi known**

Too Little Information - nbctf 2023

**vulnerability: MSB (p+q) known**

easy-rsa - pingCTF 2023

**vulnerability: bit-by-bit bruteforce**

pprintable - Fall GoN Open Qual CTF 2022

**vulnerability: byte-by-byte bruteforce**

Various Scattered Bits Challs

**vulnerability: random known bits**

L4ugh - 0xl4ughCTF 2024

**vulnerability: common d**