Most Popular (1500 questions)
34 votes, 0 answers
Key size for HMAC-SHA256
After reading a bunch of past stack exchange posts like this one and RFCs 5869, 2104, and 4868 I felt comfortable that a 32-byte key was sufficient for HMAC-SHA256. However, I am implementing my code in C# and someone pointed out to me that the…
Ralph P
34 votes, 4 answers
Are checksums essentially non-secure versions of cryptographic hashes?
Are checksums basically toned-down versions of cryptographic hashes? As in: they are supposed to detect errors that occur naturally/randomly as opposed to being designed to prevent a knowledgeable attacker's meticulous engineering feature?
So,…
AlanSTACK
34 votes, 3 answers
How does RSA compute such enormous numbers?
So I have been reading and learning a lot about cryptography lately and in particular asymmetric ciphers such as RSA.
One thing that I am curious about but never seems to be mentioned is how the cipher algorithm manages to compute such enormous…
Luke
34 votes, 3 answers
Why would anyone use an elliptic curve with a cofactor > 1?
In cryptography, an elliptic curve is a group based on a finite field $GF(p^k)$; this group has $n$ elements on it, and we work on a prime-sized subgroup of size $q$. We denote the value $h = n/q$ as the cofactor of the curve.
My question is: why…
poncho
34 votes, 3 answers
Random oracle model proofs and programmability
Proving the security of a scheme with the random oracle model (ROM) involves two steps: first you prove that the scheme is secure in an idealized world where a random oracle exists, and then you implement this scheme in the real world by replacing…
dira
34 votes, 2 answers
Hardness of finding mutual discrete logarithms of small generators in $\mathbb{Z}_p$
Suppose you want to select a prime $p$ such that finding e.g. $\log_2(3)$ in $\mathbb{Z}_p$ is expected to be either at least as hard as the general Discrete Logarithm Problem in $\mathbb{Z}_p$, or at least both problems infeasible, e.g. because you…
Henrick Hellström
33 votes, 5 answers
Any practical uses of machine learning for cryptography?
I am about to go study for my masters in machine learning, data mining and high performance computing, but have recently become very interested in cryptography after taking Dan Boneh's Cryptography course on coursera.com.
I was wondering if there…
Michael Aquilina
33 votes, 3 answers
For Diffie-Hellman, must g be a generator?
Due to a number of recently asked questions about Diffie-Hellman, I was thinking this morning: must $g$ in Diffie-Hellman be a generator?
Recall the mathematics of Diffie-Hellman:
Given public parameters $p$ (a large prime) and $g$ (always referred…
mikeazo
33 votes, 3 answers
How can I make sure non-open source programs are really using end-to-end encryption?
Without going deep into math, is there a way to make sure that non-open source programs like WhatsApp, FaceTime, Zoom, etc. are really using end-to-end encryption instead of just 'regular encryption' (i.e. the server has the cryptographic keys)?
Fulalas
33 votes, 2 answers
7zip: Why does encrypting the same file with AES-256 not give the same output?
Using 7-zip 19.00, on Windows 10 1909, build 18363.592, I encrypted a text file with the contents "hello there" using AES-256 and the password "123". I did this two times, the exact same procedure, but as shown below, the output is…
super
33 votes, 3 answers
Is 128-bit security still considered strong in 2020, within the context of both ECC Asym & Sym ciphers
Given that much of our ECC crypto primitives provide “only” 128-bit security when defined over a 256-bit curve due to Pollard-rho, is it then still safe in 2020 to consider 128-bit security safe for the medium term (5-8 years).
I’m looking for an…
Woodstock
33 votes, 3 answers
What's the purpose of key-rotation?
What's the purpose of key-rotation?
Does it have any effect on the probability of keys being breached in the first place? Does it refer to avoiding access after a breach to all past data, all future data, both or none?
Drathier
33 votes, 3 answers
New quantum attack on lattices (or Shor strikes again)?
Lior Eldar and Peter W. Shor published a paper on arXiv.org in which they present a new quantum algorithm against a variant of BDD. They claim that their new algorithm can efficiently solve the following problem:
Given a lattice $L$, a vector $v$,…
mephisto
33 votes, 2 answers
Why can't one implement bcrypt in CUDA?
I had heard that although it's easy to implement message digest functions like MD5, SHA-1, SHA-256 etc. in CUDA (or any other GPU platform), it is impossible to implement bcrypt there.
bcrypt is different from these hash functions, in that Blowfish…
Rook
33 votes, 3 answers
How practical are side-channel attacks and how much of a concern are they?
I see a lot of research in very sophisticated side-channel attacks on crypto systems. Most (but definitely not all) seem to follow a trend, namely, the crypto system does something very dumb like decrypt any block given to it with no IV or nonce (so…
mikeazo