Most Popular
1500 questions
21 votes, 1 answer
Why are there limitations on using encryption with keys beyond certain length?
I am writing a Java program to encrypt a message using 256-bit AES encryption, but I am getting an illegal key size error. I have read that I have to use some JCE Unlimited Strength Jurisdiction Policy Files to encrypt/decrypt a message with a key of…
Riley Willow
- 343
- 1
- 3
- 6
21 votes, 3 answers
Choice of multiplication polynomial in Rijndael s-box affine mapping
The Rijndael specification details the design choices for the s-box in section 7.2. They describe the choice of affine mapping as follows:
We have chosen an affine mapping that has a very simple description per se, but a
complicated algebraic…
Richie Frame
- 13,097
- 1
- 25
- 42
21 votes, 1 answer
How to provide secure "vanity" bitcoin address service?
Bitcoin addresses are RIPEMD-160 hashes of the public portion of a public/private ECDSA keypair (along with an abbreviated hash of the hash to provide a check code, as @pulpspy notes in a comment). They are generally base-58-encoded. See Address -…
nealmcb
- 570
- 3
- 13
21 votes, 1 answer
Security of RSA for paranoids with padding?
RSA for Paranoids (RSAP) (in CryptoBytes v1n3), also known as Unbalanced RSA, is a variant of RSA proposed in 1995 by Adi Shamir, as a means to increase the RSA public modulus size while keeping computation cost moderate. It is getting renewed…
fgrieu
- 140,762
- 12
- 307
- 587
21 votes, 1 answer
How to choose a padding mode with AES
Depending on the framework you are using, there are various padding modes that can be used with AES encryption. For example, with .NET we can choose PKCS7, ISO10126, ANSIX923, Zeros or None.
I understand that the encryptor and decryptor need to use…
Cocowalla
- 450
- 1
- 5
- 17
21 votes, 6 answers
Why does PBKDF2 xor the iterations of the hash function together?
The definition of PBKDF2 states that I obtain a derived key (1) by calling a pseudorandom function a bunch of times recursively:
$U_1 = PRF(password, salt)$
$U_2 = PRF(password, U_1)$
…
$U_n = PRF(password, U_{n-1})$
The standard then defines the…
Cameron Skinner
- 313
- 2
- 7
21 votes, 4 answers
Can CBC ciphertext be decrypted if the key is known, but the IV not?
Let's say that there is a binary file encrypted with AES in CBC mode (i.e. using a key and an initialization vector). If the key is known, but the IV is not, is it easy to fully decrypt the file?
How hard is it?
Ben
- 375
- 1
- 3
- 7
21 votes, 2 answers
Why is AES considered to be secure?
The security of RSA is based on the integer factorization problem, which is a very well defined and understood mathematical problem. This problem must be solved in order to fundamentally break RSA.
What about AES (and others based on the same…
Eiver
- 313
- 2
- 8
20 votes, 5 answers
Are there cryptographic hash functions that can be computed using only paper and pen without leaking any information about the plaintext?
I am looking for a cryptographic hash function that can be computed by a human using only paper and pen without ever leaking any information about the plaintext on the paper.
The cryptographic hash function should be computable by an algorithm…
Vincent Yu
- 372
- 4
- 11
20 votes, 3 answers
Pre-image resistant but not 2nd pre-image resistant?
Are there any cryptographic hash functions for which there is a known pre-image attack, or a known second pre-image attack, but not both?
The attack doesn't have to be practical - just anything that beats the security claim of the hash…
Michael
- 1,489
- 9
- 17
20 votes, 3 answers
Specification of the Megamos crypto algorithm
It has recently emerged that a paper that was scheduled to appear at Usenix Security 2013, titled "Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser", has been censored according to a newspaper article in the "Guardian".
A…
D.W.
- 36,365
- 13
- 102
- 187
20 votes, 2 answers
What is the general justification for the hardness of finding preimages for cryptographic hash functions?
Since most cryptographic hash functions are simple, compact constructions, does this simplicity impose a limit on the complexity and the size of a function that can generate preimages? That is, given a cryptographic hash function, H of some length…
Ethan Heilman
- 2,276
- 1
- 20
- 40
20 votes, 2 answers
What is wrong with using SHA1 in digital signatures? Why is a robust hash function needed?
For the purposes of signing and verifying signatures, what is the value of the hash function?
Why would it matter if SHA1 is later determined to be easy to break? Since a Public/Private key process is still used, is SHA1 only a utility to create…
pcunite
- 303
- 1
- 2
- 5
20 votes, 1 answer
How does IBM's 53-bit quantum computer compare to classical ones for cryptanalytic tasks?
IBM just announced "a new 53-qubit quantum computer".
How does it compare to classical computers, performance-wise, for cryptanalytic tasks? E.g. finding a 48- or 64-bit value whose SHA-256 has a certain value (edit: or factoring the product of two…
fgrieu
- 140,762
- 12
- 307
- 587
20 votes, 13 answers
Spoken encryption
I have long had this idea of a simple encryption that can be used during spoken conversations to communicate with someone without being understood by other people in the room. Is there anything like that?
The criteria are as follows:
Does not have…
Dakkaron
- 347
- 3
- 7