Most Popular
1500 questions
28
votes
6 answers
Are there hash algorithms with variable length output?
I understand that for example MD5 produces a 128 bit hash value from a given text of variable size. My question is if there is a hash-like algorithm that will produce a hash value where one can specify the length of the outcome? So one would specify…
Thomas
28
votes
3 answers
What is the length of an RSA signature?
Is it the same as the bits of the key (So a 2048 bit system will yield a 2048 bit signature)? At most as the key? Or something else entirely?
ispiro
28
votes
1 answer
Examples of modern, widely used ciphers that suddenly fell?
RC4 and GOST are two major ciphers (defined as being widely used to encrypt large amounts of data) that fell to cryptanalysis (relatively) suddenly. The first became totally broken and the second fell from $2^{256}$ bit security to $2^{99.5}$ bit…
Demi
28
votes
3 answers
Plain text size limits for AES-GCM mode just 64GB?
Based on NIST SP 800-38D section 5.2.1.1, it seems that the maximum length of plaintext is $2^{39}-256$ bits ~ 64 GB.
We've got 100+GB files in genomics that need to be GCM encrypted so are concerned about hitting this.
So two questions:
What's the…
DeepSpace101
28
votes
3 answers
How is bitslicing faster?
I have read a paper on Bit Slicing and Lightweight crypto but cannot understand how bitslicing makes an encryption scheme faster.
Please can someone explain with an example exactly how bit slicing makes the code faster (even a single xor example will…
ishaan arora
28
votes
2 answers
How were the DES S-box values determined?
It seems like the S-boxes in DES have essentially random values.
How were these chosen?
foobarfuzzbizz
28
votes
3 answers
Are safe primes $p=2^k \pm s$ with $s$ small less recommendable than others as a discrete log modulus?
I take the definition of safe prime as: a prime $p$ is safe when $(p-1)/2$ is prime.
Safe primes of appropriate size are the standard choice for the modulus of cryptosystems related to the discrete logarithm problem, such as Diffie-Hellman.
A…
fgrieu
28
votes
1 answer
Multi-party encryption algorithm
To give some foreground information: I acknowledge that I am a cryptography newb and not by any means an expert (and probably never will be).
In a recent CS class we had several assignments writing and implementing RSA and Diffie-Hellman. It was fun…
Nikole
28
votes
2 answers
What is a hard-core predicate?
I read this article on Wikipedia: Hard-core predicate.
Still I don't understand what exactly is a hard-core predicate. Is it possible to put this in simple English terminology, and perhaps with a simple example?
Kai
28
votes
10 answers
Can an AI really generate random numbers?
I asked an AI the following question:
Can you provide me with random numbers of 30 digits in length?
And then the AI has generated these numbers for…
swannty
28
votes
5 answers
Could RDRAND (Intel) compromise entropy?
I was recently discussing the issue of RDRAND in Intel chips and the whole issue about how NSA could potentially be influencing Intel to weaken or create backdoors in their design.
This petition was posted asking Linus Torvalds to ignore RDRAND and…
Michael Aquilina
27
votes
3 answers
Why is the P-521 elliptic curve not in Suite B if AES-256 is?
In the NSA's document, "The Case for Elliptic Curve Cryptography" (archived), we have
+---------------+-------------------------+-----------------+
| Symmetric Key | RSA and Diffie-Hellman | Elliptic Curve |
| Size (bits) | Key Size (bits)…
DeepSpace101
27
votes
7 answers
Is there any famous protocol that was proven secure but whose proof was wrong and led to real-world attacks?
Are there modern (post World War II) and famous protocols that were proven secure (in any model: game-based, UC...) but whose proof was wrong and could have led to real-world attacks?
Note that:
I'm not really concerned about attacks on the…
Léo Colisson
27
votes
2 answers
Is there a hash function which has no collisions?
Is there a hash function which has no collisions?
To clarify: it would be some function which would produce variable-length output, and never produce the same output for differing input. It would also be computationally hard to derive the input from…
benj
27
votes
7 answers
Why is SRP not widely used?
SRP seems to be a very good password authentication protocol, compared to any other things used now. So why are there no popular implementations, or even no working secure implementations?
I tried to set up the TLS-SRP protocol, but it hasn't worked…
Smit Johnth