34 votes, 3 answers
What is bignum-free RSA?
I recently saw a claim that BearSSL has a bignum-free implementation of RSA. What does this mean? I don't see how one could implement RSA without bignum arithmetic.
Elias (4,903 rep)
34 votes, 3 answers
Is there a standard, or widely accepted convention, for magic constants in crypto software?
Inspired by Magic "Nothing Up My Sleeve" Numbers - Computerphile - YouTube [5:31]. If you just need a constant to begin your algorithm, and the value of that constant isn't important, why not have a widely known convention to always use the digits…
Low Powah (441 rep)
34 votes, 3 answers
Possible ways to crack simple hand ciphers?
We had a quiz in class today where we had to break the ciphertext with the key given, but not the algorithm. Suffice to say that I wasn't able to decrypt it within the allotted time of 12 mins and will probably get a 0% score on the quiz.
So, I was…
GamingX (647 rep)
34 votes, 0 answers
Key size for HMAC-SHA256
After reading a bunch of past stack exchange posts like this one and RFCs 5869, 2104, and 4868 I felt comfortable that a 32-byte key was sufficient for HMAC-SHA256. However, I am implementing my code in C# and someone pointed out to me that the…
Ralph P (543 rep)
34 votes, 4 answers
Are checksums essentially non-secure versions of cryptographic hashes?
Are checksums basically toned-down versions of cryptographic hashes? As in: they are supposed to detect errors that occur naturally/randomly as opposed to being designed to prevent a knowledgeable attacker's meticulous engineering feature?
So,…
AlanSTACK (1,305 rep)
34 votes, 2 answers
Why is MixColumns omitted from the last round of AES?
All rounds of AES (and Rijndael) have a MixColumns step, save the last round which omits it. DES has a similar feature where the last round differs slightly. The rationale, if I recall correctly, was to "make the cipher appear similar in reverse…
Fixee (4,158 rep)
34 votes, 2 answers
Hardness of finding mutual discrete logarithms of small generators in $\mathbb{Z}_p$
Suppose you want to select a prime $p$ such that finding e.g. $\log_2(3)$ in $\mathbb{Z}_p$ is expected to be either at least as hard as the general Discrete Logarithm Problem in $\mathbb{Z}_p$, or at least both problems infeasible, e.g. because you…
Henrick Hellström (10,406 rep)
33 votes, 8 answers
Have any cryptographic breaks been executed in the real world since World War II?
Have there been any publicly known exploits of a cryptographic break in a widely used cryptographic system to actually read encrypted information (or falsely authenticate) since the Ultra program in World War II?
I want to define my terms as…
Very Tiny Brain (441 rep)
33 votes, 5 answers
Any practical uses of machine learning for cryptography?
I am about to go study for my masters in machine learning, data mining and high performance computing, but have recently become very interested in cryptography after taking Dan Boneh's Cryptography course on coursera.com.
I was wondering if there…
Michael Aquilina (870 rep)
33 votes, 2 answers
Is HMAC-MD5 considered secure for authenticating encrypted data?
I've read something to the effect that the HMAC construct is able to lessen the problem of collisions in the underlying hash.
Does that mean that something like HMAC-MD5 still might be considered safe for authenticating encrypted data?
Nuoji (803 rep)
33 votes, 3 answers
For Diffie-Hellman, must g be a generator?
Due to a number of recently asked questions about Diffie-Hellman, I was thinking this morning: must $g$ in Diffie-Hellman be a generator?
Recall the mathematics of Diffie-Hellman:
Given public parameters $p$ (a large prime) and $g$ (always referred…
mikeazo (38,563 rep)
33 votes, 3 answers
How can I make sure non-open source programs are really using end-to-end encryption?
Without going deep into math, is there a way to make sure that non-open source programs like WhatsApp, FaceTime, Zoom, etc. are really using end-to-end encryption instead of just 'regular encryption' (i.e. the server has the cryptographic keys)?
Fulalas (431 rep)
33 votes, 2 answers
7zip: Why does encrypting the same file with AES-256 not give the same output?
Using 7-zip 19.00, on Windows 10 1909, build 18363.592, I encrypted a text file with the contents "hello there" using AES-256 and the password "123". I did this two times, the exact same procedure, but as shown below, the output is…
super (463 rep)
33 votes, 3 answers
How practical are side-channel attacks and how much of a concern are they?
I see a lot of research in very sophisticated side-channel attacks on crypto systems. Most (but definitely not all) seem to follow a trend, namely, the crypto system does something very dumb like decrypt any block given to it with no IV or nonce (so…
mikeazo (38,563 rep)
33 votes, 2 answers
Formal verification in cryptography
I have seen in some places that people use formal verification and/or computer-aided verification for cryptography (tools like ProVerif, CryptoVerif, etc.).
How do these approaches work?
user4936