Most Popular (1500 questions)
11 votes, 2 answers
Why would Carter-Wegman-style message authentication not be broken by P = NP?
Researching about the implications of P = NP to cryptography I found someone say that the only cryptography left standing would be the one time pad and Carter-Wegman-Style message authentication. While the one time pad seems obvious, I am not sure…
David Schumann (243 rep; badges 3 / 9)
11 votes, 4 answers
What is the best-practice for encrypting small files?
I would like to know how to store a sensitive file; a credential of sorts. I want to password-protect it, obviously. It would be appropriate - in my application - to prompt the user for the password each run. There are proper apps - like SSH -…
Will (412 rep; badges 3 / 11)
11 votes, 1 answer
How can I instantiate a generalized hash function?
I've come across a bunch of "strange" hash function notations, such as the following ones and now I don't know how to choose / instantiate them.
Can you please explain to me what this notation means and how I can actually instantiate such a hash…
SEJPM (46,697 rep; badges 9 / 103 / 214)
11 votes, 1 answer
Can Shor's algorithm compromise RSA when both the public and private key are secret?
If RSA is to create a public-private key pair and encryption is performed on plain text P to create ciphertext C, given P and C could Shor's algorithm be used to find either of the public and private keys? You have both the plain text and cipher…
Mathew (325 rep; badges 2 / 9)
11 votes, 3 answers
How secure is AES-256, but with an effective key length of 56-bits?
I need to encrypt a few drives using Kaspersky Total Security. I however noted something peculiar, Kaspersky's description of their cipher is:
Data will be protected using AES-256 encryption with a 56-bit effective key length?
Does this mean…
J. Doe (165 rep; badges 1 / 1 / 9)
11 votes, 1 answer
Qubit / Qutrit - Is there a theoretical limit on how many orthogonal states a quantum bit has?
Seems like a quantum bit with $3$ orthogonal quantum states is called a qutrit - and they have been demonstrated practically.
In comparison with $n$ qubits that have ~$2^{n}$ states, these have ~$3^{n}$ states.
Is there a theoretical upper-limit on…
VAO (212 rep; badges 1 / 10)
11 votes, 1 answer
Is SHA-256 safe and difficult to crack?
I am trying to crack a SHA-256 hash but I am not sure how to approach this in an efficient way. The following is known of the original non-hashed content:
64 characters long
only consists of 0-9 and a-z (no capital letters)
the original content does…
Matthew Kaufmann (143 rep; badges 1 / 1 / 5)
11 votes, 1 answer
Is the "New Hope" Lattice Key Exchange vulnerable to a lattice analog of the Bernstein BADA55 Attack?
In the paper, "Post Quantum Key Exchange - A New Hope," the authors present a lattice-based key exchange based on the work of Chris Peikert. In this "New Hope" key exchange the authors try to gain security by having the basepoint for the key…
Andrea Russo (111 rep; badges 1 / 3)
11 votes, 2 answers
Appropriate scrypt parameters when generating an scrypt hash
What values for CPU, memory and parallel difficulty should be used when generating an scrypt hash? i.e.
$N The CPU difficulty (must be a power of 2, > 1)
$r The memory difficulty
$p The parallel difficulty
I'm using the PHP…
McJohnson (243 rep; badges 2 / 4)
11 votes, 1 answer
Does a big salt have the same memory effects as Bcrypt?
Citing Thomas Pornin on the question Why can't one implement bcrypt in Cuda?:
bcrypt is a variant of the Blowfish key scheduling, which is defined over a table (a few kilobytes) which is constantly accessed and modified throughout the algorithm.…
Luc (1,558 rep; badges 3 / 19 / 34)
11 votes, 2 answers
Should HMAC-SHA3 be preferred over H(C(k,M))?
If I understand correctly SHA-3 (Keccak) is resistant against more attacks than SHA-2. This would make it possible - again if I understand correctly - to use SHA-3 with a simpler scheme than HMAC.
Would there still be a reason to use the HMAC…
Maarten Bodewes (96,351 rep; badges 14 / 169 / 323)
11 votes, 3 answers
How to prove the security of block ciphers
I see very often proofs of security for asymmetric crypto algorithms, for instance, using reductions to known hard problems, or game based proofs...
In the field of protocols (like authentication) it happens too, for instance proofs using formal…
Hilder Vitor Lima Pereira (7,476 rep; badges 1 / 25 / 45)
11 votes, 1 answer
Is every point on an elliptic curve of a prime order group a generator?
If the order of an elliptic curve group is prime then every point is a generator of that group.
I tested the above statement on some elliptic curves and found it true.
Does that really work on all curves?
Is there any lemma or theorem which states that?
Rashmi (121 rep; badges 1 / 6)
11 votes, 2 answers
Is RC4 a problem for password-based authentication?
This is a follow-up question to Does TLS use RC4-drop[n]?.
As mentioned in section 6 of RFC4345, there are weak distinguishers for RC4 keystreams available that even work for keystreams that originate from different keys, and regardless of the…
lxgr (1,798 rep; badges 1 / 13 / 22)
11 votes, 1 answer
Non-iterative cryptographic hash functions
Consider the following cryptographic hash function $H$ which maps a message $m$ of variable size to $b$ bits:
$$H:\{0,1\}^{*} \mapsto \{0,1\}^b$$
$$y = H(m) = SPRP(IV||m||padding)\mid_{b}$$
, where: $$SPRP:\{0,1\}^n \mapsto…
Ethan Heilman (2,326 rep; badges 2 / 20 / 40)