Most Popular
1500 questions
27 votes, 3 answers
Are safe primes $p=2^k \pm s$ with $s$ small less recommendable than others as a discrete log modulus?
I take the definition of safe prime as: a prime $p$ is safe when $(p-1)/2$ is prime.
Safe primes of appropriate size are the standard choice for the modulus of cryptosystems related to the discrete logarithm problem, such as Diffie-Hellman.
A…
fgrieu
27 votes, 1 answer
Zero knowledge proof protocol example?
Alice is color blind. She never knows if her gloves are matched. Her brother Bob always teases her saying her gloves are mismatched and she should go change them. Alice wants to know if Bob is telling the truth about her…
user10956
27 votes, 10 answers
Can an AI really generate random numbers?
I asked an AI the following question:
Can you provide me with random numbers of 30 digits in length?
And then the AI has generated these numbers for…
swannty
27 votes, 5 answers
Could RDRAND (Intel) compromise entropy?
I was recently discussing the issue of RDRAND in Intel chips and the whole issue about how NSA could potentially be influencing Intel to weaken or create backdoors in their design.
This petition was posted asking Linus Torvalds to ignore RDRAND and…
Michael Aquilina
26 votes, 7 answers
Does Terra Quantum AG break AES and Hash Algorithms?
According to this Bloomberg article:
A Swiss Company Says It Found Weakness That Imperils Encryption
Terra Quantum AG has a team of about 80 quantum physicists, cryptographers and mathematicians, who are based in Switzerland, Russia, Finland and…
kelalaka
26 votes, 7 answers
Why is SRP not widely used?
SRP seems to be a very good password authentication protocol, compared to anything else used now. So why are there no popular implementations, or even no working secure implementations?
I tried to set up the TLS-SRP protocol, but it hasn't worked…
Smit Johnth
26 votes, 3 answers
"Weaknesses" in SHA-256d?
According to this answer, "SHA-256d" was proposed in one of the Ferguson/Schneier books like so:
SHA-256d(x) = SHA-256(SHA-256(x))
Apparently, the motivation for this construction is to avoid length extension attacks.
Incidentally, SHA-256d is the…
Nemo
26 votes, 2 answers
Is there any difference between cryptography and cryptology?
Is there a difference between cryptography and cryptology, if any?
An internet search suggests that both terms can be used interchangeably.
Nathan Aw
26 votes, 4 answers
What makes Quantum Cryptography secure?
This is my current understanding of how Quantum Cryptography works: (The first bit is Quantum Key Distribution)
Alice sends a beam of photons to Bob through a quantum channel such as an optical fiber. Each of these photons represent a bit of…
lal lal
26 votes, 3 answers
How Far Ahead of Academia Are Government Agencies?
This is a soft question regarding comparisons between government security services (e.g., NSA or GCHQ) and open-source research (e.g., academia). Hopefully it's on-topic for this site!
In essence, my question is the following.
How far ahead (if at…
Sam OT
26 votes, 5 answers
What is Indistinguishability Obfuscation?
I've been studying functional encryption. I recently read that a multi-input functional encryption (MIFE) implies indistinguishability obfuscation (IO).
Can someone please brief me: what is indistinguishability obfuscation (IO), and are its…
user45080
26 votes, 1 answer
What are the odds of collisions for a hash function with 256-bit output?
There are some related questions on the net but I did not understand their solutions.
I am reading in a textbook about methods of finding a collision. It states to consider a collision for a hash function with a 256-bit output size and writes if we…
Max
26 votes, 6 answers
Did a certain cryptography method get abandoned due to security flaws in the past?
I am researching how quantum computers affect current encryption methods (RSA and more).
However, I remember learning in a course that there used to be a particular encryption method which was popular but suddenly had a very bad vulnerability in the…
Kevin Van Ryckegem
26 votes, 3 answers
How is the One Time Pad (OTP) perfectly secure?
The Wikipedia entry on One Time Pads (OTPs) states that if this cipher is used properly, i.e., the keys are truly random and each part of the key is independent of every other part, it's uncrackable and yields perfect secrecy, i.e., $H(M|C) =…
xyz
26 votes, 3 answers
Why do block ciphers need a non-linear component (like an S-box)?
Why is there a requirement of "Non-Linear functions" as a component of many popular block ciphers (e.g. the S-box in DES or 3DES)?
How does it make the cipher more secure?
The only intuition I have is that a non-linear function can have many roots…
David