At TryToBreak there’s a little five-stage cryptogram-style puzzle that you can supposedly play to win cash. Since the page neither mentions nor attempts to enforce any restrictions on how you figure out the answer, I immediately wrote a little script that matched the lexical pattern in a word list and presented me with a list of five options. The first one I tried led me to a page that said to send email to a particular email address etc. so I could get the link for step two. After a long delay, I got a message back saying “solution is based on particular encryption method not on/or brute force” – no link. Why, I thought to myself, would the site’s author(s) decline to hold up their side of a bargain when given a correct answer, regardless of how it’s derived but especially when its derivation is in no way precluded by any prior instruction? Don’t they want people to play? Well, actually, no they don’t, and the reason is at the bottom of the page:
Can’t break the code on this page? Buy the solution to Step 1 for US$5
That’s right: they’re selling solutions to an obviously trivial puzzle. Given that it is obviously trivial, it’s not in their interest to have anyone apply efficient means to finding a solution, and the easiest way to accomplish that is to prevent any such people from even seeing the later stages. I’ll bet nobody, anywhere, got a link to the second stage no matter what method they used to find the first solution other than by paying for it. Accordingly, here’s my reply email:
It could be a hundred different methods, which cannot be distinguished with a
single nine-character sample. Take your scam elsewhere.
It’s amazing the ways people will try to make money on the internet nowadays.