Most Popular

1500 questions
25
votes
2 answers

Definition of "pepper" in hash functions

I am confused about the notion of "pepper" in the context of storing hashes of users' passwords. Definition 1: A pepper is a secret key. Looking around the Internet, for example here or here, a pepper is frequently defined to be a fixed and randomly…
Malte Skoruppa
25
votes
3 answers

Should you change salt when changing password?

Assume a password storage scheme using a computationally-expensive hash algorithm and a CSPRNG salt. User ID, salt, and hash value are stored in a table; if the table is compromised, all three values are available to an adversary. Is there any…
Bob Brown
25
votes
5 answers

How useful is NIST's Randomness Beacon for cryptographic use?

NIST have just launched a new service called the NSANIST Randomness Beacon. It has been met with some initial skepticism. Perhaps the cryptography community would have used it before June 2013 when NIST had a trusted reputation. At first I thought…
user3461497
25
votes
2 answers

Is H(k||length||x) a secure MAC construction?

If $H$ is a typical secure hash function, then $(k,x) \mapsto H(k \mathbin\| x)$ is not a secure MAC construction, because given a known plaintext $x_1$ and its MAC $m_1$, an attacker can extend $k \mathbin\| x_1$ to a longer message with the same…
25
votes
4 answers

When would one prefer a proof of knowledge instead of a zero-knowledge proof?

I've just realized I find it hard to distinguish between these two terms (proof of knowledge, and zero-knowledge proof), especially where only the latter seems to be used in many cryptographic protocols. Zero-knowledge proofs are usually defined as…
LRM
25
votes
5 answers

What is the lowest level of mathematics required in order to understand how encryption algorithms work?

What mathematical fields of knowledge would be required in order to get a good understanding of encryption algorithms? Is it basic algebra, or is there a "higher education" mathematical field dedicated to encryption? I know there is the…
user8601
24
votes
4 answers

What are the requirements of a nonce?

Sometimes I read that a nonce has to be a random number, but I disagree. A nonce just can't repeat itself. You could increase it by 1 every time if you are sure it would never repeat.
Smit Johnth
24
votes
7 answers

Turning a cipher into a hashing function

This is a theoretical question. I'd like to know if it's possible (and what are eventually the consequences), not that I'm going to do it in one of my projects. ;) The first hashing functions created were based on a symmetric cipher (just like the…
Marek Puchalski
24
votes
3 answers

Selective format-compliant JPEG encryption?

I am working towards building a format-compliant encryption system for pictures. The aim of it is to be able to obscure specific areas of a picture (i.e. faces, car license numbers...) while keeping the rest unaltered. The aim would be, for…
24
votes
2 answers

What is the most practical fully homomorphic cryptosystem?

Craig Gentry recently gave the first fully homomorphic cryptosystem. Quite a bit of work has been done since extending his work. It seems, however, that no system is practical for real world use. What are the current roadblocks making FHE…
mikeazo
24
votes
1 answer

How can one validate with a public key a JWT signature generated with a private key?

As I understand it, a JSON Web Token (JWT) consists of 3 parts: the header, specifying the hashing algorithm to use for the signature; the payload itself; and the signature, which is a hash of the header and the payload using the specified hashing…
24
votes
4 answers

What is the progress on the MIT LCS35 Time Capsule Crypto-Puzzle?

Ron Rivest posed a puzzle in 1999. MIT LCS35 Time Capsule Crypto-Puzzle. The problem is to compute $2^{2^t} \pmod n$ for specified values of $t$ and $n$. Here $n$ is the product of two large primes, and $t$ is chosen to set the desired level…
DanBeale
24
votes
3 answers

Why is Curve25519 in the GPG “expert” options?

The only way to access the Curve25519 curve in GPG is through gpg --expert --full-gen-key. From my knowledge, Curve25519 is one of the most secure (and fast) elliptic curves in cryptography. So why is RSA fine, but Curve25519 is considered a risk…
Richard R. Matthews
24
votes
3 answers

Is AES in CBC mode secure if a known and/or fixed IV is used?

I have a need to encrypt credentials for a third-party app used by a secured internal app. Over on ITSec.SE, I was helpfully shown a scheme to encrypt the third-party credentials based on a hash of the credentials for the internal app. I picked AES…
KeithS
24
votes
4 answers

Is it feasible to build a stream cipher from a cryptographic hash function?

A few years ago I devised a symmetric-key system that worked like so: H() = some hashing function h = the number of bits in the result of H() key = bits to be used as a key ^ = the XOR operation + = concatenation len() = the length…
John Gietzen