Most Popular
1500 questions
28
votes
1 answer
what is the difference between proofs and arguments of knowledge?
What is the difference between proofs and arguments of knowledge in the context of zero-knowledge?
I have read this sentence in this ePrint:
It is useful to distinguish between zero-knowledge proofs, with
statistical soundness, and zero-knowledge…
MH Samadani
28
votes
3 answers
Is this password migration strategy secure?
I want to upgrade the security of some existing databases of users' authentication tokens strictly for the purpose of making sure that if the database is stolen, attackers will not be able to guess any but the weakest passwords in a reasonable…
Major Major
28
votes
2 answers
HMAC vs MAC functions
I've read definitions of MAC and HMAC, but can't say I've completely grasped the differences.
What are the principal differences?
When to use one and when the other? (Typical use cases)
Matteo
28
votes
2 answers
Unpredictability of X.509 serial numbers
About X.509 certificate serial numbers, RFC 5280 says:
The serial number MUST be a positive integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number…
Jcs
28
votes
2 answers
How does a chosen plaintext attack on RSA work?
How can one run a chosen plaintext attack on RSA?
If I can send some plaintexts and get the ciphertexts, how can I find a relation between them which helps me to crack another ciphertext?
user1829
28
votes
2 answers
How were the DES S-box values determined?
It seems like the S-boxes in DES have essentially random values.
How were these chosen?
samoz
28
votes
1 answer
Multi-party encryption algorithm
To give some foreground information: I acknowledge that I am a cryptography newb and not by any means an expert (and probably never will be).
In a recent CS class we had several assignments writing and implementing RSA and Diffie-Hellman. It was fun…
Niko
28
votes
2 answers
What is a hard-core predicate?
I read this article on Wikipedia: Hard-core predicate.
Still I don't understand what exactly is a hard-core predicate. Is it possible to put this in simple English terminology, and perhaps with a simple example?
Kai
27
votes
3 answers
Why is the P-521 elliptic curve not in Suite B if AES-256 is?
In the NSA's document, "The Case for Elliptic Curve Cryptography" (archived), we have
+---------------+-------------------------+-----------------+
| Symmetric Key | RSA and Diffie-Hellman | Elliptic Curve |
| Size (bits) | Key Size (bits)…
DeepSpace101
27
votes
7 answers
Is there any famous protocol that was proven secure but whose proof was wrong and led to real-world attacks?
Are there modern (post World War II) and famous protocols that were proven secure (in any model: game-based, UC...) but whose proof was wrong and could have led to real-world attacks?
Note that:
I'm not really concerned about attacks on the…
Léo Colisson
27
votes
2 answers
Is there a hash function which has no collisions?
Is there a hash function which has no collisions?
To clarify: it would be some function which would produce variable-length output, and never produce the same output for differing input. It would also be computationally hard to derive the input from…
benj
27
votes
1 answer
How does HOTP keep in sync?
My understanding of HOTP is that each password is unique and based on a counter.
$$PASSWORD = HOTP_1(K,C)$$
Where $C$ is an incremental counter.
What I wish to know, is how you keep the client and server in sync? Looking at current systems…
mrwooster
27
votes
2 answers
How are side-channel attacks executed? What does an attacker need to execute a side channel attack?
I've been reading about side-channel attacks on Wikipedia, and it seems that some of these can only be executed on the victim's computer. (I am specifically asking about the side-channel attacks listed on the Wikipedia page and any more that are…
09182736471890
27
votes
1 answer
When to use Argon2i vs Argon2d vs Argon2id?
I've read the manual, and multiple articles / StackExchange posts about this topic, but still can't decide which implementation of Argon2 is best for my use case.
I want to securely encrypt passwords in a database in an unshared environment.
After…
J.D.
27
votes
8 answers
Is there really no use for MD5 anymore?
I read an article about password schemes that makes two seemingly conflicting claims:
MD5 is broken; it’s too slow to use as a general purpose hash; etc
The problem is that MD5 is fast
I know that MD5 should not be used for password hashing, and…
jornane