Most Popular

1500 questions
29 votes, 6 answers

Why not authenticate full-disk encryption?

Common FDE software (TrueCrypt, BitLocker, dm-crypt) doesn't authenticate ciphertext stored on the disk. The commonly cited reason is "it would take too much space", reasoning that you would need an authentication tag for every sector and that would…
matejcik
  • 393
  • 3
  • 5
29 votes, 4 answers

Why are zk-SNARKs possible, in layman's terms

zk-SNARK: Zero-Knowledge Succinct Non-interactive Argument of Knowledge. From the Ethereum blog: One natural use case for the technology is in identity systems. For example, suppose that you want to prove to a system that you are (i) a citizen of a…
bkoodaa
  • 629
  • 7
  • 12
29 votes, 7 answers

Why is OTP not vulnerable to brute-force attacks?

I saw this question in the book Understanding Cryptography. At first glance it seems as though an exhaustive key search is possible against an OTP system. Given is a short message, let’s say 5 ASCII characters represented by 40 bit, which was…
Vladmostov
  • 295
  • 1
  • 3
  • 8
29 votes, 3 answers

How is XOR used for encryption?

I am a programmer, so when I hear XOR, I think about the bitwise operator (e.g. 0110 ^ 1110 = 1000). The mention of "XOR" comes up quite a bit in cryptography. Is this the same XOR as the bitwise operator? If so, how is it used to encrypt a large…
IQAndreas
  • 397
  • 1
  • 3
  • 8
29 votes, 4 answers

Is there a hash function that's more expensive for an attacker than for the server?

Say a server wants to hash a password $p$. It would use a secure hash function $H$ and a unique salt $s$ to hash the password as $H(p,s)$. If one has access to the salt, each password candidate requires one run of the hash function to be ruled out;…
n-l-i
  • 445
  • 3
  • 9
29 votes, 9 answers

Why not the one-time pad with pseudo-number generator

I am very new to cryptography (so be kind), but I have a question that may seem silly. If the one-time pad is the perfect cipher and impossible to crack, why would the following algorithm not be one of the strongest: To encrypt: generate a random…
dardawk
  • 401
  • 1
  • 4
  • 6
28 votes, 1 answer

ElGamal with elliptic curves

I've searched some information on ECC, but so far I have only found Diffie-Hellman key-exchange implementations using ECC, but I don't want to exchange keys, I want to encrypt & decrypt data like in ElGamal. I know that ElGamal with elliptic curves…
CriticalError
  • 383
  • 1
  • 3
  • 4
28 votes, 3 answers

How can I use SSL/TLS with Perfect Forward Secrecy?

I'm new to the field of cryptography, but I want to make the web a better web by setting up the sites that I host with Perfect Forward Secrecy. I have a list of questions regarding the setup of Perfect Forward Secrecy. Here it goes: Can my choice…
Clay Freeman
  • 421
  • 1
  • 4
  • 8
28 votes, 2 answers

Why is Diffie-Hellman considered in the context of public key cryptography?

In all textbooks I used the Diffie-Hellman key exchange is under "public key cryptography". As far as I can see it is a method to exchange a key to be used with a symmetric cryptographic algorithm, so it falls very naturally in the area of symmetric…
Mr_and_Mrs_D
  • 383
  • 1
  • 3
  • 9
28 votes, 5 answers

Why is it important that phi(n) is kept a secret, in RSA?

Why is it important that $\phi(n)$ is kept a secret, in RSA?
johankj
  • 385
  • 1
  • 3
  • 8
28 votes, 5 answers

Why do wireless keyboards only use 128-bit AES? Why not 256?

I've looked for 256-bit AES encrypted wireless keyboards, and apparently they don't exist. Can anybody explain why this is from a cryptographic point of view? Why wouldn't they just opt-in to the highest standard of encryption, instead of settling…
Jon
  • 299
  • 1
  • 3
  • 4
28 votes, 1 answer

What is hardened SHA-1, how does it work and how much protection does it offer?

From the shattered website: You can use the online tool above to submit files and have them checked for a cryptanalytic collision attack on SHA-1. The code behind this was developed by Marc Stevens (CWI) and Dan Shumow (Microsoft) and is publicly…
Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
28 votes, 7 answers

Is calculating a hash code for a large file in parallel less secure than doing it sequentially?

I would like to improve the performance of hashing large files, say for example in the tens of gigabytes in size. Normally, you sequentially hash the bytes of the files using a hash function (say, for example SHA-256, although I will most likely use…
Michael Goldshteyn
  • 391
  • 1
  • 3
  • 7
28 votes, 6 answers

Are there hash algorithms with variable length output?

I understand that for example MD5 produces a 128 bit hash value from a given text of variable size. My question is if there is a hash-like algorithm that will produce a hash value where one can specify the length of the outcome? So one would specify…
Thomas
  • 1,174
  • 5
  • 16
  • 33
28 votes, 1 answer

Examples of modern, widely used ciphers that suddenly fell?

RC4 and GOST are two major ciphers (defined as being widely used to encrypt large amounts of data) that fell to cryptanalysis (relatively) suddenly. The first became totally broken and the second fell from $2^{256}$ bit security to $2^{99.5}$ bit…
Demi
  • 4,793
  • 1
  • 19
  • 39