Most Popular

25 votes, 3 answers

Are there any practical implementation of a homomorphic hashing or signature scheme?

A homomorphic hash function is a function $H : A \to B$ between two sets with some algebraic structure $(A, *)$ and $(B, \star)$ such that $H$ is collision resistant, i.e. it is hard to find $x \neq y$ such that $H(x) = H(y)$ and $H$ is a…
sashank
25 votes, 4 answers

Is sharing the modulus for multiple RSA key pairs secure?

In the public-key system RSA scheme, each user holds beyond a public modulus $m$ a public exponent, $e$, and a private exponent, $d$. Suppose that Bob's private exponent is learned by other users. Rather than generating a new modulus, Bob decides to…
Mohammed Fathi
25 votes, 1 answer

Why is SHA-3 robust against Length-Extension Attacks?

If a length extension attack can occur because of $H(\text{K}\mathbin\|\text{Message})$, what changed in SHA-3 from SHA-2 that prevents this from occurring?
elberman
25 votes, 4 answers

Is using the same IV in AES similar to not using an IV in the first place?

So if I understand how an IV works with AES, I'm supposed to generate a different IV for every message because using only a key, I will get the same encryption if the message was encrypted twice (which is not secure) thus we use the IV which is some…
Ali_Nass
25 votes, 5 answers

Can a hard drive store clear text data that is physically impossible to retrieve?

I'm trying to study how HSM and TPM works when storing secret data in clear text. How can they achieve physical impossibility in retrieving secret data? I get the point in software, if you just have input and no outputs then it should be impossible…
einstein
25 votes, 1 answer

What size of initialization vector (IV) is needed for AES encryption?

What size of initialization vector (IV) is needed for AES encryption? I am using either CBC or CFB modes. Knowing that AES is a symmetrical block-cipher algorithm with a 128-bit block size, I think the answer for IV is still 16 bytes or 128 bits…
wei3923
25 votes, 1 answer

Memory-hard password hash in practice?

Dan Boneh, Henry Corrigan-Gibbs, and Stuart Schechter have proposed Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks (in proceedings of AsiaCrypt 2016). Taking the abstract at face value, it is a blow…
fgrieu
25 votes, 5 answers

With sufficient randomness, is XOR an acceptable mechanism for encrypting?

I have heard criticism of various cryptosystems saying that "at their heart, they were just XOR." Is this just ignorance, or is there something inherently wrong with XOR based ciphers?
John Gietzen
25 votes, 1 answer

How are the names of cryptographic algorithms (like RSA, AES, SHA-256, Curve25519, etc.) pronounced?

I'll have to give a spoken presentation on cryptography and I don't want to make any pronunciation mistakes. Therefore I'm asking how I should pronounce acronyms like RSA, AES, SHA-1, SHA-256, IGE and CBC, Curve25519, ECDH, MAC, HMAC, etc., both in…
M-elman
25 votes, 3 answers

FIPS 140-2 Compliant Algorithms

Is there any reference to check the list of encryption & signing algorithms which are compliant to FIPS 140-2? After an exhaustive search I could find only "AES". Any suggestions would be much appreciated.
Siva Arunachalam
25 votes, 2 answers

What's the difference between PBKDF and SHA and why use them together?

I've been reading a little bit about hashing lately and according to AgileBits, they use "SHA512 within PBKDF2" in their new vault file. I've looked in Wikipedia for both names and I know PBKDF2 is a key derivation function and SHA is a…
Danowsky
25 votes, 3 answers

What differentiates a password hash from a cryptographic hash besides speed?

I understand that password hashes like bcrypt have the principal property of taking a long time to run, but I'm wondering what if anything about password hashes makes them superior to merely running a fast cryptographic hash a bunch of times. In…
Steven
25 votes, 5 answers

Developing algorithm for detecting plain text via frequency analysis

I'm currently attempting the Matasano Crypto Challenges as a basic intro to cryptography. For solving some of the earlier challenges I utilised n-grams to determine which is going to be the most likely English plain text. It has been quite…
CryptoNoob
25 votes, 4 answers

How many RSA keys before a collision?

I was wondering how many possible private/public keys exist? If a million people – for whatever reason – would try to generate 5 keys each in the same minute (on the same date and time) is there a high chance of collision? I believe GUID would…
Nick wheatley
25 votes, 3 answers

How robust is discrete logarithm in $GF(2^n)$?

"Normal" discrete logarithm based cryptosystems (DSA, Diffie-Hellman, ElGamal) work in the finite field of integers modulo a big prime $p$. However, there exist other finite fields out there, in particular binary fields $GF(2^n)$. There is a…
Thomas Pornin