picoCTF Solutions
picoCTF 2019CryptographyEasy

caesar

Published: April 2, 2026

Description

Decrypt the message encrypted with a Caesar cipher. Hint: salting it won't help. The ciphertext appears inside the picoCTF{...} braces.

Setup

Download the file containing the ciphertext from the challenge page.

Solution

  1. Step 1Brute-force all 26 Caesar shifts
    A Caesar cipher shifts each letter by a fixed amount. With only 26 possible keys, brute-force is trivial. Run the Python snippet below to print every possible decryption -- the shift that produces readable English inside the braces is the answer.
    python3 -c " s='gvswwmrkxlivyfmgsrhnrisegl' for i in range(26): print(i,''.join(chr((ord(c)-97+i)%26+97) if c.isalpha() else c for c in s)) "
    Learn more

    The Caesar cipher is a monoalphabetic substitution cipher named after Julius Caesar, who reportedly used a shift of 3 to protect military communications. Every letter in the plaintext is replaced by the letter a fixed number of positions later in the alphabet, wrapping around from Z back to A.

    Because there are only 26 possible shifts (including 0, which does nothing), the Caesar cipher has an exhaustively small key space. A brute-force attack simply tries all 26 possibilities and shows the results -- a human can immediately spot the one that reads as English. The Python one-liner above does exactly this: for each shift i, it maps every lowercase letter c by computing (ord(c) - 97 + i) % 26 + 97. Subtracting 97 converts the ASCII code to 0–25, adding i and taking mod 26 wraps the shift, and adding 97 converts back to ASCII.

    In real cryptanalysis, the Caesar cipher is also trivially broken by frequency analysis: in English the most common letter is 'e'. If you find the most frequent letter in the ciphertext, the difference from 'e' gives you the shift. This generalizes into more powerful attacks on simple substitution ciphers.

    The hint "salting it won't help" is a red herring -- salt is a concept from password hashing (a random value added before hashing to prevent rainbow table attacks), which has nothing to do with the Caesar cipher. Recognizing such misdirection is a useful CTF skill.

Flag

picoCTF{...}

With only 26 possible keys, brute-force is trivial -- the shift that produces recognizable English words is the answer.

More Cryptography