Most Popular
1500 questions
30 votes, 3 answers
Dropbox Password security
Dropbox have recently published How Dropbox securely stores your passwords
Is this really more secure than using bcrypt with a complexity of 11 or 12?
The password "chain" is as secure as its weakest part, so is there any point adding the extra 2…
exussum
30 votes, 2 answers
In which cases should the IV be kept secret?
When must an IV be kept secret?
There is an ambiguity in the way that the lack of need for secrecy of the IV is described in multiple places. Does this ambiguity suggest that there are, in fact, situations in which the IV must be kept secret? Or…
gowenfawr
30 votes, 4 answers
Why are zk-SNARKs possible, in layman's terms
zk-SNARK: Zero-Knowledge Succinct Non-interactive Argument of Knowledge
From the Ethereum blog:
One natural use case for the technology is in identity systems. For example, suppose that you want to prove to a system that you are (i) a citizen of a…
bkoodaa
30 votes, 1 answer
How was the special DES key 0E329232EA6D0D73 found?
The DES key 0E329232EA6D0D73 has the unusual property that decrypting a ciphertext block consisting entirely of zeros gives a plaintext block consisting of eight repetitions of the same byte (0x87).
How was this key originally found?
prim
30 votes, 3 answers
What is the recommended number of iterations for Argon2?
I've recompiled my operating system ("LionBSD" based on FreeBSD) to use Argon2i as the default password hashing algorithm in crypt/libcrypt.
I'm wondering what the recommended number of iterations would be?
As an example, OpenBSD uses 8 iterations…
fizk
30 votes, 4 answers
What is the effect of the different AES key lengths?
How does a changing key length affect the ciphertext, not only in case of AES, but in general? I know that the key spaces become much larger and the number of rounds in case of AES changes, but is security really that much enhanced that if I choose…
tom
30 votes, 1 answer
What is the difference between proofs and arguments of knowledge?
What is the difference between proofs and arguments of knowledge in the context of zero-knowledge?
I have read this sentence in this ePrint:
It is useful to distinguish between zero-knowledge proofs, with statistical soundness, and zero-knowledge…
MH Samadani
30 votes, 11 answers
Why can't I reverse a hash to a possible input?
I'm going to provide “proof” why a hash function can be reversed, and I hope you can tell me why I'm wrong.
So, a hash function can be implemented as a series of logic gates. All logic gates can be implemented using only NOT and OR gates. (I'm fairly…
Shelvacu
30 votes, 3 answers
Is this password migration strategy secure?
I want to upgrade the security of some existing databases of users' authentication tokens strictly for the purpose of making sure that if the database is stolen, attackers will not be able to guess any but the weakest passwords in a reasonable…
Major Major
30 votes, 2 answers
How to determine the order of an elliptic curve group from its parameters?
Let $\quad E:\; y^2 = x^3 + ax + b \quad$ be an elliptic curve defined over a finite field $\mathbb F_q$ where $q = p^n$, $a,b \in \mathbb F_q$ and $p \neq 2, 3$. By Hasse's theorem we know that the order of $E(\mathbb F_q)$ is in the range…
user110219
30 votes, 1 answer
SHA-256 hash of null input?
What is the SHA-256 hash if the input is null, i.e. an empty bitstring? (Not the hash of 0 or "0".)
Geremia
30 votes, 1 answer
How strong is the ECDSA algorithm?
Some cryptographic algorithms are as strong as the size of their key is, while others have some weaknesses that limit their strength (such as SHA-1). How strong is the ECDSA algorithm, and does that strength depend on anything (for example, the curve…
ThePiachu
30 votes, 2 answers
Which attacks are possible against raw/textbook RSA?
The PKCS#1 standard defines multiple padding schemes for signature generation/verification (EMSA-PSS and EMSA-PKCS1-v1_5), and encryption/decryption (EME-OAEP and the less safe EME-PKCS1-v1_5).
Which attacks are possible on signature…
Maarten Bodewes
30 votes, 2 answers
How does the MOV attack work?
What exactly is the MOV attack, how does it actually work, and what is it used for?
It's explained briefly here and I'd like to know what it is more / what is it fully used for.
Ben
30 votes, 1 answer
How secure would HMAC-SHA3 be?
It would be possible to implement the HMAC construction with (draft) SHA-3, leading to HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 (the last 3 digits are the output size $\ell$, where $\ell/8$ is the $L$ parameter in HMAC). All that's…
fgrieu