Most Popular (1500 questions)
25 votes, 5 answers

With sufficient randomness, is XOR an acceptable mechanism for encrypting?

I have heard criticism of various cryptosystems saying that "at their heart, they were just XOR." Is this just ignorance, or is there something inherently wrong with XOR-based ciphers?
asked by John Gietzen (reputation 1,505)

25 votes, 2 answers

Why is it not possible to increase the size of RSA keys indefinitely?

According to this primer on elliptic curves by Ars Technica, when composite numbers get "too" big, they become easier to factorize with Quadratic Sieve and General Number Field Sieve. While this is not explained in detail on the site, it is a common…
asked by fast-reflexes (reputation 361)

25 votes, 2 answers

What's the difference between PBKDF and SHA and why use them together?

I've been reading a little bit about hashing lately and according to AgileBits, they use "SHA512 within PBKDF2" in their new vault file. I've looked in Wikipedia for both names and I know PBKDF2 is a key derivation function and SHA is a…
asked by Danowsky (reputation 353)

25 votes, 3 answers

What differentiates a password hash from a cryptographic hash besides speed?

I understand that password hashes like bcrypt have the principal property of taking a long time to run, but I'm wondering what, if anything, about password hashes makes them superior to merely running a fast cryptographic hash a bunch of times. In…
asked by Steven (reputation 353)

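The two questions above ("SHA512 within PBKDF2" and "why not just run a fast hash many times") are easiest to answer by looking at what PBKDF2 actually does with the hash. The following is an added example, not code from this page or from AgileBits: it reimplements PBKDF2 with HMAC-SHA512 as the PRF on top of Python's hashlib, checks the result against hashlib.pbkdf2_hmac, and puts the naive "hash the hash c times" construction beside it so the per-guess cost of both can be measured. The password, salt and iteration counts are constructed sample values.

```python
import hashlib
import hmac
import struct
import time


def pbkdf2_hmac_sha512(password: bytes, salt: bytes, iterations: int, dklen: int = 64) -> bytes:
    """Textbook PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA512 as the PRF.

    Output block i is T_i = U_1 xor U_2 xor ... xor U_c where
    U_1 = HMAC(password, salt || INT_32BE(i)) and U_j = HMAC(password, U_{j-1}).
    SHA-512 does the hashing; PBKDF2 only arranges the c chained, keyed calls.
    """
    if iterations < 1:
        raise ValueError("iteration count must be >= 1")
    hlen = hashlib.sha512().digest_size          # 64 bytes per output block
    nblocks = -(-dklen // hlen)                   # ceil(dklen / hlen)
    out = b""
    for i in range(1, nblocks + 1):
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha512).digest()
        t = u
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha512).digest()
            t = bytes(a ^ b for a, b in zip(t, u))
        out += t
    return out[:dklen]


def naive_iterated_sha512(password: bytes, salt: bytes, iterations: int) -> bytes:
    """The 'just run a fast hash a bunch of times' scheme from the question.
    It also costs `iterations` hash calls per guess, but it is an ad-hoc chain with
    no keyed PRF, no block index and no standard or analysis behind it."""
    h = hashlib.sha512(salt + password).digest()
    for _ in range(iterations - 1):
        h = hashlib.sha512(h).digest()
    return h


def guesses_per_second(kdf, iterations: int, trials: int = 5) -> float:
    """Rough single-core attacker throughput: candidate passwords checked per second
    against one stored hash at this iteration count."""
    salt = b"\x00" * 16                           # constructed sample salt
    start = time.perf_counter()
    for n in range(trials):
        kdf(b"guess%d" % n, salt, iterations)
    return trials / (time.perf_counter() - start)


if __name__ == "__main__":
    pw, salt = b"correct horse battery staple", b"0123456789abcdef"   # constructed sample input
    assert pbkdf2_hmac_sha512(pw, salt, 1000) == hashlib.pbkdf2_hmac("sha512", pw, salt, 1000)
    for c in (1_000, 20_000):
        print(f"c={c:>6}: PBKDF2-HMAC-SHA512 ~{guesses_per_second(pbkdf2_hmac_sha512, c):.1f} guesses/s,"
              f" naive chain ~{guesses_per_second(naive_iterated_sha512, c):.1f} guesses/s")
```

The point the timing makes is that the iteration count, not the choice of SHA-512, is what slows an attacker down; what PBKDF2 adds over the naive chain is a keyed PRF, defined block structure and a specification that has been analysed. Neither scheme is memory-hard, which is the property bcrypt/scrypt/Argon2 add on top.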
25 votes, 3 answers

What size should the HMAC key be with SHA-256?

I'm trying to generate a secret key to be used for HMAC SHA-256 signature processing. I've seen many samples of keys with variable length from 32 characters to 96 characters. What is the ironclad rule for this key size?
asked by user30041 (reputation 251)

25 votes, 5 answers

Developing algorithm for detecting plain text via frequency analysis

I'm currently attempting the Matasano Crypto Challenges as a basic intro to cryptography. For solving some of the earlier challenges I utilised n-grams to determine which is going to be the most likely English plain text. It has been quite…
asked by CryptoNoob (reputation 253)

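A concrete version of the scoring step the question describes, added here as an example rather than taken from the page or from the Matasano challenge material: a single-letter frequency score (letters and spaces add their expected English frequency, control and high bytes are penalised) used to break a single-byte XOR ciphertext by trying all 256 keys. The frequency table is constructed from standard published English letter counts, and the plaintext and key are constructed sample input.

```python
import string

# Relative frequency (percent) of each letter in English text plus a weight for the
# space character; constructed from standard published counts, rounded.
ENGLISH_FREQ = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23, "g": 2.02,
    "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03, "m": 2.41, "n": 6.75,
    "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99, "s": 6.33, "t": 9.06, "u": 2.76,
    "v": 0.98, "w": 2.36, "x": 0.15, "y": 1.97, "z": 0.07, " ": 15.00,
}
_PRINTABLE = set(string.printable)


def english_score(candidate: bytes) -> float:
    """Higher means more English-like. Letters and spaces add their expected
    frequency, other printable bytes (digits, punctuation) are neutral, and
    control or non-ASCII bytes cost 50 points each: a wrong key almost always
    produces some of those, which is what makes the ranking robust."""
    score = 0.0
    for b in candidate:
        ch = chr(b).lower()
        if ch in ENGLISH_FREQ:
            score += ENGLISH_FREQ[ch]
        elif ch not in _PRINTABLE:
            score -= 50.0
    return score


def single_byte_xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def break_single_byte_xor(ciphertext: bytes):
    """Try every key byte and return (key, plaintext) for the best-scoring candidate."""
    ranked = sorted(range(256),
                    key=lambda k: english_score(single_byte_xor(ciphertext, k)),
                    reverse=True)
    best = ranked[0]
    return best, single_byte_xor(ciphertext, best)


if __name__ == "__main__":
    # Constructed sample: an English message XORed with the key byte 0x5a.
    plaintext = b"attack at dawn and meet me at the old bridge near the river when the sun sets"
    ciphertext = single_byte_xor(plaintext, 0x5A)
    key, recovered = break_single_byte_xor(ciphertext)
    print(f"key=0x{key:02x} plaintext={recovered!r}")
```

Single-letter frequencies are enough for messages of a few dozen characters; the n-gram scoring the question mentions matters when candidates are short or when several keys produce all-printable output, because bigram statistics ("th", "he", "in") separate real English from letter soup much faster than single-letter counts do.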
25 votes, 2 answers

How bad is it to use the same IV twice with AES/GCM?

I understand that initialization vectors (IV) should not be used twice when using AES/GCM. I am using a counter as an initialization vector. Every time I send out a new packet (I am developing a UDP-based protocol that needs packet encryption) I…
asked by Matteo Monti (reputation 1,407)

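The XOR question earlier in this list and this AES/GCM one share one mechanism: the ciphertext is plaintext XOR keystream, which is perfectly fine as long as no keystream byte is ever used twice, and fails completely the moment it is. The example below is added here and is not code from the page; it builds a CTR-style keystream from HMAC-SHA256 (an assumption standing in for the AES block function so the example runs on the standard library alone), shows that two packets under the same key and nonce leak p1 XOR p2, and sketches a sender-id-plus-counter nonce layout for the UDP protocol in the question (a constructed design, not a standard). All keys and messages are constructed sample values.

```python
import hashlib
import hmac
import struct


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: PRF(key, nonce || block counter) for blocks 0, 1, 2, ...
    HMAC-SHA256 is an assumption standing in for AES; AES-GCM's confidentiality layer
    has the same shape (96-bit nonce, 32-bit block counter, keystream XOR plaintext)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt   # XOR is its own inverse


def leak_from_nonce_reuse(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same key and nonce: c1 xor c2 == p1 xor p2.
    The keystream cancels, so whoever knows (or can guess) one plaintext reads
    the other without ever learning the key. True random one-time-pad keys are
    secure for exactly the same reason this is insecure: the pad is never reused."""
    return xor(c1, c2)


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    return xor(leak_from_nonce_reuse(c1, c2), known_p1)


class PacketSender:
    """Nonce discipline for a UDP protocol (constructed design): the 96-bit nonce is
    32-bit sender id || 64-bit packet counter, so two senders sharing a key never
    collide and one sender never repeats a nonce under the same key."""

    def __init__(self, key: bytes, sender_id: int):
        self.key, self.sender_id, self.counter = key, sender_id, 0

    def seal(self, plaintext: bytes):
        # A counter that restarts from 0 (process restart, key reused from config)
        # repeats nonces; persist the counter or derive a fresh key per session.
        if self.counter >= 2**64:
            raise RuntimeError("counter exhausted: rekey before sending more packets")
        nonce = struct.pack(">IQ", self.sender_id, self.counter)
        self.counter += 1
        return nonce, encrypt(self.key, nonce, plaintext)


if __name__ == "__main__":
    key = b"\x11" * 32                                  # constructed sample key
    p1, p2 = b"attack at dawn from the east", b"retreat at dusk by the river"
    nonce = b"\x00" * 12                                # the same nonce used twice
    c1, c2 = encrypt(key, nonce, p1), encrypt(key, nonce, p2)
    print("c1 xor c2 == p1 xor p2:", leak_from_nonce_reuse(c1, c2) == xor(p1, p2))
    print("p2 recovered from c1, c2 and p1:", recover_other_plaintext(c1, c2, p1))
```

For real AES-GCM the damage is worse than the example shows: a repeated nonce also exposes the GHASH authentication key, after which the attacker can forge tags on arbitrary messages, not just read them. That is why the fix is a nonce that cannot repeat for the life of the key (deterministic counter, persisted across restarts, with rekeying before it wraps) rather than a lower-probability IV.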
25 votes, 1 answer

SHA-256 hash of null input?

What is the SHA-256 hash if the input is null, i.e. an empty bitstring? (Not the hash of 0 or "0".)
asked by Geremia (reputation 541)

25 votes, 4 answers

How many RSA keys before a collision?

I was wondering how many possible private/public keys exist? If a million people – for whatever reason – would try to generate 5 keys each in the same minute (on the same date and time) is there a high chance of collision? I believe GUID would…
asked by Nick wheatley (reputation 363)

25 votes, 2 answers

If you hashed a hash an infinite number of times would you end up with a unique hash?

If you took a hashing algorithm, for example MD5, and repeatedly passed the output hash back into the algorithm an arbitrarily large number of times, would you eventually end up with one unique hash? My idea is that the maximum number of hashes…
asked by AceLewis (reputation 353)

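What iterating a hash actually does can be observed directly if the output is made small enough to iterate to exhaustion. The following is an added example, not from the page: it truncates SHA-256 to 24 bits (an assumption so the behaviour shows up within a few thousand iterations instead of around 2^64 for MD5), and runs Floyd's cycle-finding algorithm to measure the tail and cycle the sequence falls into. The starting value is a constructed sample.

```python
import hashlib


def truncated_sha256(x: bytes, nbytes: int = 3) -> bytes:
    """Stand-in for any fixed-size hash: SHA-256 cut to 24 bits (assumption) so the
    sequence revisits a value after roughly sqrt(pi/2 * 2^24), about 5000, steps."""
    return hashlib.sha256(x).digest()[:nbytes]


def iterate(f, x0: bytes, n: int) -> bytes:
    """f applied n times to x0."""
    x = x0
    for _ in range(n):
        x = f(x)
    return x


def find_cycle(f, x0: bytes):
    """Floyd's tortoise-and-hare on x0, f(x0), f(f(x0)), ...

    Returns (mu, lam): mu is the tail length (values seen once before the sequence
    re-enters itself) and lam the cycle length. Any function on a finite set has
    this structure, so repeated hashing always ends in a loop; a single 'unique
    hash' would be the special case lam == 1, a fixed point, which is no more
    likely than any other value of lam."""
    tortoise, hare = f(x0), f(f(x0))
    while tortoise != hare:
        tortoise, hare = f(tortoise), f(f(hare))
    mu = 0
    tortoise = x0
    while tortoise != hare:
        tortoise, hare = f(tortoise), f(hare)
        mu += 1
    lam = 1
    hare = f(tortoise)
    while tortoise != hare:
        hare = f(hare)
        lam += 1
    return mu, lam


if __name__ == "__main__":
    x0 = b"seed"                                   # constructed sample start value
    mu, lam = find_cycle(truncated_sha256, x0)
    entry = iterate(truncated_sha256, x0, mu)
    print(f"tail length mu={mu}, cycle length lam={lam}, cycle entry {entry.hex()}")
    print("f^(mu+lam)(x0) == f^mu(x0):", iterate(truncated_sha256, x0, mu + lam) == entry)
```

For a full-width hash the same structure exists, with tail and cycle lengths on the order of 2^(n/2); that is why "hash it forever" does not converge to anything special, and also why the cycle entry point is the kind of collision the birthday bound predicts (the values at positions mu-1 and mu+lam-1 differ but hash to the same thing).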
25 votes, 3 answers

How robust is discrete logarithm in $GF(2^n)$?

"Normal" discrete logarithm based cryptosystems (DSA, Diffie-Hellman, ElGamal) work in the finite field of integers modulo a big prime $p$. However, there exist other finite fields out there, in particular binary fields $GF(2^n)$. There is a…
asked by Thomas Pornin (reputation 86,974)

25 votes, 2 answers

Definition of "pepper" in hash functions

I am confused about the notion of "pepper" in the context of storing hashes of users' passwords. Definition 1: A pepper is a secret key. Looking around the Internet, for example here or here, a pepper is frequently defined to be a fixed and randomly…
asked by Malte Skoruppa (reputation 545)

25 votes, 4 answers

How Brittle Are LCG-Cracking Techniques?

There are published techniques for cracking LCGs, but to my eye those techniques seem very brittle — very minor changes can add nonlinearity that renders techniques like the LLL algorithm unusable. Or, am I mistaken, are these variations still…
asked by Charphacy (reputation 526)

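The baseline the question's "brittleness" is measured against is the direct attack on a plain LCG whose full state is output: from a handful of consecutive values an attacker recovers the modulus, multiplier and increment with arithmetic alone, no lattice reduction needed. The following is an added example, not from the page or from any published LCG-cracking tool; the modulus and multiplier are the MINSTD constants, the increment and seed are constructed for the demonstration.

```python
from functools import reduce
from math import gcd

# Constructed demonstration parameters: m and a are the MINSTD constants
# (2^31 - 1 and 16807); the increment c and the seed are arbitrary choices here.
M, A, C = 2**31 - 1, 16807, 12345


def lcg_outputs(seed: int, n: int, m: int = M, a: int = A, c: int = C) -> list:
    """n successive full-state outputs x_{i+1} = (a x_i + c) mod m."""
    xs, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        xs.append(x)
    return xs


def recover_modulus(xs: list) -> int:
    """With t_i = x_{i+1} - x_i the increment cancels and t_{i+1} = a t_i (mod m),
    so every t_{i+1} t_{i-1} - t_i^2 is a multiple of m. The gcd of several of them
    is m with high probability; each extra output makes a spurious common factor
    less likely."""
    t = [xs[i + 1] - xs[i] for i in range(len(xs) - 1)]
    multiples = [t[i + 1] * t[i - 1] - t[i] ** 2 for i in range(1, len(t) - 1)]
    return abs(reduce(gcd, multiples))


def recover_multiplier_and_increment(xs: list, m: int):
    """a = (x_2 - x_1) (x_1 - x_0)^-1 mod m, then c = x_1 - a x_0 mod m.
    Needs x_1 - x_0 invertible mod m, always true for prime m unless x_1 == x_0."""
    a = (xs[2] - xs[1]) * pow(xs[1] - xs[0], -1, m) % m
    c = (xs[1] - a * xs[0]) % m
    return a, c


def crack_lcg(observed: list):
    """Full recovery from consecutive untruncated outputs: returns (m, a, c) and a
    predictor for the output that follows any observed value. Truncating outputs
    or mixing several generators breaks these closed-form steps; that is the point
    at which the lattice (LLL) techniques from the question become necessary."""
    m = recover_modulus(observed)
    a, c = recover_multiplier_and_increment(observed, m)
    return m, a, c, lambda x: (a * x + c) % m


if __name__ == "__main__":
    stream = lcg_outputs(2024, 24)                # constructed: 24 outputs from seed 2024
    m, a, c, predict = crack_lcg(stream[:20])     # attacker sees the first 20
    print(f"recovered m={m} a={a} c={c}")
    print("next four predicted correctly:", [predict(x) for x in stream[19:23]] == stream[20:24])
```

About twenty outputs are more than enough here; the gcd step is the only probabilistic part, and it fails only when all the computed multiples of m share an extra factor, which with seventeen of them is negligible. Anything that hides part of the state from the attacker (outputting only the top bits, combining two generators) removes the exact linear relation the gcd relies on, which is exactly the sensitivity the question asks about.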
25 votes, 3 answers

Should you change salt when changing password?

Assume a password storage scheme using a computationally-expensive hash algorithm and a CSPRNG salt. User ID, salt, and hash value are stored in a table; if the table is compromised, all three values are available to an adversary. Is there any…
asked by Bob Brown (reputation 353)

25 votes, 3 answers

Proving knowledge of a preimage of a hash without disclosing it?

We consider a public hash function $H$, assumed collision-resistant and preimage-resistant (for both first and second preimage), similar in construction to SHA-1 or SHA-256. Alice discloses a value $h$, claiming that she (or/and parties she can…
asked by fgrieu (reputation 140,762)
