A day at work

We're reaching the end of the performance review season, and everybody at work is a bit on edge waiting for their rating. Tuesday was when my manager was supposed to tell me mine. When we met, he refused to disclose though, but asked me to wait for one more day. Previously, he asked for my address, and said he's sending me a package. He was obviously upbeating, so I thought it'd be a good news.

This morning a FedEx man handed me a package containing a wooden box and a cryptogram.

The wooden box is a lovely mini Enigma! It works like a charm, and can simulate all well-known Enigma machines that have 26 keys.

It looks like I have to use this Enigma to crack the cryptogram, which I reckon contains the result of my perf review.

The simulator is well-crafted and super sophisticated. It has tons of options. I have to admit that before today I'd never paid much attention to Enigma. I felt stupid because I didn't know where to start. Here I am a technical lead responsible for the correct use of crypto, and consider myself a history buff, yet I knew next to nothing about the most famous broken encryption device in history. I had a good laugh at this thought. It always feels good when I am reminded not to take myself so seriously.

After playing with the Enigma for half an hour without making any progress, I pretended that I had more important work to do, and put it aside. Wednesday is my meeting day. I spent a couple of hours in various 1:1s, and a couple more helping a teammate debug a weird issue in Tink's experimental post-quantum crypto module. BTW we just released Tink 1.5.0 last week, check it out!

We were implementing HRSS, one of the finalists of the NIST PQC competition. HRSS is a lattice-based public key encapsulation method. It provides two functions: encap and decap. The former allows a sender to transport a secret to a recipient using the recipient's public key. The latter allows the recipient to recover the secret using the private key.

The issue was that the decap function returned a wrong result. This function takes an encapsulated secret and a private key. Either our code was wrong or the input were corrupted. A lot of printfs later, I found that the private key was malformed. But how? In the failed unit test we just copied the private key pointer from one place to another.

At this point I'd spent 2-3 hours on this issue, already run out of places to printf. Time to take a break. I wanted to distract myself with another problem, and the Enigma cryptogram was just a perfect choice.

I thought, well, it is a serious machine, if I want to crack it I have to understand how it works first. I read the manual, and digested the Enigma pages on Wikipedia. The cryptanalysis is fascinating, but I'm afraid it won't help me because all I got is a single ciphertext. The manager hinted that I only had to guess the encryption key. I wasn't sure if I should trust him, but I didn't have any better idea.

Several different Enigma models were produced, each has many settings, and this simulator replicates them all. It provides a long menu that allows to choose the machine model, and configure the initial state. The machine state, including the position of the rotors, how they interact with each other, is the encryption key. That is, if I want to decrypt, I need to find the state when the messages was being encrypted.

The state space is too huge to brute force.  I reckoned that my manager probably used the default settings, meaning many bits of the state are already correct. The most obvious place for him to change is the initial position of the rotors. There are 4 rotors, each has 26 positions, meaning the key is a 4-char word and totally there are 26^4 possibilities. I thought well if I can't guess it a brute-force search wouldn't be a bad idea.

It was obvious that the key is my name THAI. It didn't work. My next brilliant idea was GOOG. No luck. Hmm, maybe I misconfigured the machine? I read the manual one more time, and also performed a few trial encryption/decryption with random keys. I didn't make any mistake, it seems that THAI really wasn't the key.

Dinner time came, and together M. and I were eating and guessing the encryption key. Have you tried SNOW? Oh my god, it must be SNOW! He loves skiing, and he knows you also love it! M. was so excited, but SNOW wasn't it. It must be 2020 then, have you tried that? I said Enigma doesn't allow to enter numbers. Stupid machine, M. protested! Funtimes.

Eventually I found the key, and the message decrypts to this:

It looks like I was promoted :-). It took me 5 years. At this rate I'll be CEO in about 300 years. There's a high chance that I might need another life.

While pondering what I should write in my first reorg announcement as the CEO, I composed an encrypted response. When the manager saw it, he thought I decrypted his original message incorrectly, and gave me more hints! It hurt my ego, I said no no, I cracked it, and that's my reply for you. The bastard was still trying to decrypt it while I was writing this. He asked for a hint, but I'm not sure why I should help him, given that I'm already promoted.

Riding high on the adrenaline rush, I went back to the HRSS issue, and found the problematic lines of code within a few minutes. It's still unclear what exactly went wrong, but at least we now know the origin of the problem. There's something wrong with the way we were copying the private key pointer. I shared the finding with my teammate, and thought he will be very happy when he sees this tomorrow -- he had been wrestling with this bug for days.

They say, do what you love and you don't have to work another day in your life. I say bullshit, most jobs including mine suck in one way or another, and that's okay. Today was another day, however, I indeed did what I love, and didn't feel like working at all. Thank you boss and everyone!


Loc Bui said…
longlx said…
Hai Dang said…
Chuc mung anh Thai
Unknown said…
Chúc mừng anh Thái ạ!!
seanxluong said…
Tuấn Anh said…
Chúc mừng anh Thái.
Thai Duong said…
Cảm ơn mọi người.
Zic said…
L7 là bn tiền? @_@
Thao Le said…
Chúc mừng Thái! It should be a hard review to get promotion for a technical position.
Unknown said…
At the L7 level, which is considered a senior staff software engineer, the annual salary can top $256,059, along with $286,176 in stock options and a bonus of $83,294.
-- wow --
hungtx said…
Chúc mừng anh Thái!
Chan Le said…
congrats anh!

btw imaging going through all this trouble and got the message after decryption: "sorry piped"
TUI XINH said…
không có kiên thức căn bản về code cũng như chưa từng học lập trình.
bằng biện pháp nào đó. mà những đường link tò mò luôn dẫn tôi tới chổ mà các hacked chuyên nghiệp, hoặc dev, IT, đều muốn thấy.
- Nó giống như bạn đã tìm ra được một chìa khóa + chiếc lambo.
mà chủ nhân nó dành cho ai tìm thấy nó.

- P/S:
Chào a Thaidn sau khi nhìu click liên kết đã dẫn e lần tới đây. và e có đọc về bài viết mà a chia sẽ.
Thực sự có 1 cái gì đó nó rất tương đồng. như ngày tháng - và hầu như trong cả đoạn bài viết giống so vs những gì e hồi tưởng 40%.
rất mong đc sự giúp đỡ cũng như được trao đổi vs a. nhiều hơn ạ.
-e nhận thấy có gì đó- rất tương đồng - và a đúng là 1 thần đồng,

info :
zalo : 0925 013 125 ( hãy kết bạn vs e nhé IdOL)
HN Tran said…
Come on, tell us what the encryption key is! And the follow-up with your boss.
That aside, congrats!