Most Popular

1500 questions
20 votes, 3 answers

Are there any secure commutative ciphers?

This answer lists two commutative cipher algorithms - Pohlig-Hellman and SRA. However, they don't appear to be too secure. My question is, are there any commutative ciphers out there that are secure enough for sensitive data encryption / decryption…

ThePiachu (reputation 1,679; badges 2 / 18 / 25)
20 votes, 6 answers

Why does WPA-PSK not use Diffie-Hellman key exchange?

Is there a reason why, in pre-shared key mode, the Wi-Fi session key is not secured with something like Diffie-Hellman but is instead derived from the PSK key and some information exchanged in the clear during sign-on?

Michael (reputation 303; badges 1 / 2 / 5)
20 votes, 4 answers

Why is OCB-AES mode not becoming a standard for authenticated encryption?

The OCB mode of authenticated encryption (used for example with AES) is the fastest way to provide authenticity and confidentiality without having to delve into questions like: Encrypt then MAC, MAC then encrypt, Encrypt and MAC. So why is it not…

curious (reputation 6,160; badges 6 / 32 / 45)
20 votes, 3 answers

How were one-time pads and keys historically generated?

In the 20th century, it was common for various intelligence agencies and military organizations to use ciphering machines and one-time pads. However, no source I've seen ever mentions the process of generating the keys and printouts for such…

Mark (reputation 835; badges 6 / 24)
20 votes, 3 answers

Why did Argon2 win the PHC?

I've been reading up on Argon2 (and, to a lesser extent, other recent password hashers). I'm trying to understand why it won the competition versus the other finalists, like Catena, Lyra2, Makwa or Yescrypt. Unfortunately, I don't see much technical…

Jonas (reputation 779; badges 6 / 12)
20 votes, 2 answers

S-box basic question

I'm trying to understand DES and a bunch of other cryptographic systems using S-boxes. I now have a quite basic question about how S-boxes work in general. For DES, S-boxes substitute a 6-bit input with a 4-bit output. It is clear to me how…

Serge Waechter (reputation 201; badges 2 / 3)
20 votes, 2 answers

Security of Schnorr signature versus DSA and DLP

The Schnorr signature scheme is a randomized signature scheme with appendix. The signature is $3t$-bit for conjectured $t$-bit security in a chosen-messages setup, with at most $2^{t/2}$ queries to a signer; a description faithful to the reference…

fgrieu (reputation 140,762; badges 12 / 307 / 587)
20 votes, 8 answers

Password cracking: What if attacker is lucky?

We have always measured password or private key strength by the amount of entropy it contains, but what if the attacker who cracks it is lucky? Consider the following simple scenario: we have a 1-bit [0,1] secret, and the attacker should choose between 2…

cryptonoob400 (reputation 533; badges 1 / 3 / 12)
20 votes, 3 answers

Why can't the commitment schemes have both information theoretic hiding and binding properties?

Commitment schemes like Pedersen's or hash-based ones either have information theoretic hiding and computational binding, or computational hiding and information theoretic binding. So can we ever get both information theoretic hiding and binding? Is…

7sujit (reputation 573; badges 4 / 9)
20 votes, 1 answer

Using a single Ed25519 key for encryption and signature

The libsodium documentation contains a function crypto_sign_ed25519_pk_to_curve25519 that converts an Ed25519 key into a Curve25519 one, so it can be used for both key exchange/encryption and signing: "Ed25519 keys can be converted to Curve25519…

user2552
20 votes, 1 answer

Is PKCS7 a signature format or a certificate format?

I always thought PKCS7 was a signature format. However, on the net I find several references to PKCS7 being a certificate format - for example, this talks about a PKCS7 certificate: Extract raw certificate from PKCS#7 file in JAVA. Or: What's the…

user93353 (reputation 2,191; badges 3 / 23 / 43)
20 votes, 6 answers

How do ciphers change plaintext into numeric digits for computing?

For example, in RSA, we use this for encryption: $\text{ciphertext} = m^e \bmod n$, and similarly for decryption. If our message is "hello world", then what number do we have to put as $m$ in the RSA formula?

Ted (reputation 201; badges 1 / 2 / 3)
20 votes, 4 answers

Why do we need Euler's totient function $\varphi(N)$ in RSA?

After we calculate $N = p \cdot q$, we calculate $\varphi(N)$ and use it later to determine $e$ (PR) and $d$ (PU). But why? For decryption and encryption, we only use $N$ and don't need $\varphi(N)$. So why can't we find $e$ and $d$ without Euler's…

Rimen (reputation 219; badges 1 / 2 / 4)
20 votes, 2 answers

What is the intuition for ECDSA?

I understand DH and ElGamal and RSA encryption/signatures. But when I look at ECDSA (or plain DSA), it seems like the formulas are just pulled out of thin air. I can verify that the algebra used in the verification formula does in fact work out,…

Fixee (reputation 4,158; badges 2 / 25 / 39)
20 votes, 4 answers

Is there a standard for OpenSSL-interoperable AES encryption?

Many AES-encrypted things (files, strings, database entries, etc.) start with "Salted__" ("U2FsdGVkX1" in base64). I hear it's some sort of OpenSSL interoperability thing: a b c. Is there some standard reference somewhere (perhaps an RFC?) that…

David Cary (reputation 5,664; badges 4 / 21 / 35)