This problem encrypts the flag using RSA with a secure padding mode
and a ~2048 bit key. However key generation is weak as we generate
a pool of 20 primes at startup and reuse them. To derive the private
key, competitors will need to compute the GCD of two moduli with a
shared factor.
This problem encrypts the flag using RSA with a secure padding mode and a ~2048 bit key. However key generation is weak as we generate a pool of 20 primes at startup and reuse them. To derive the private key, competitors will need to compute the GCD of two moduli with a shared factor.