19 votes, 5 answers

How many hex digits do I need to compare when manually checking hash functions?

I sometimes run sha256sum on large files after transferring them from one place to another, and will just skim the hash output to verify it's correct. But, I usually just look at the first/last 5 or 6 hex digits and call it good enough. I know that…
Paul
19 votes, 0 answers

Adding bit constants to the key schedule to reduce rounds?

Bit constants are often added to the key schedule to reduce slide attacks. I have reviewed David Wagner's work, where he showed that the increased rounds in a Feistel network do not help if you have key symmetry. I have been trying to find some…
b degnan
19 votes, 1 answer

Understanding the wide trail design strategy

I am trying to understand the wide trail design strategy. I have read the paper (paywall-free preprint) which describes it from the point of view of AES. From what I understand, it is a technique to increase diffusion in a particular way to resist…
forest
19 votes, 1 answer

What are the benefits of lattice based cryptography?

Previously we visited the benefits of elliptic curves for cryptography. Lattice based cryptography is starting to become quite popular in academia. The primary benefit of lattice based crypto is the resistance to quantum algorithms. Are there other…
mikeazo
19 votes, 1 answer

Overview of relations between cryptographic primitives?

Is there a web page that gives a graphical (or, alternatively, a textual) overview of known implications and separations between cryptographic primitives? More specifically, I am looking for something like the following, but more comprehensive and…
mti
19 votes, 1 answer

What is the relationship between p (prime), n (order) and h (cofactor) of an elliptic curve?

I am reading up on ECC and having trouble understanding how these are related. In a finite field, all point operations are taken modulo $p$. $n$ is the order of the generator $G$ — which apparently is the number of different points on the curve…
SFlow
19 votes, 2 answers

How fast can a SHA-256 implementation go?

I'm looking for high-speed SHA-256 implementations, and specifically, ones with low latency; that is, the time between when you submit the message block, and when the output (or internal state) is produced. I've googled it, and the fastest I've…
poncho
19 votes, 1 answer

Could we break MD5 entirely in the future?

Even today MD5 is (sadly) still heavily used in some applications, even by big tools like ApacheMD5. But even today there are more than enough MD5 hashes which are still not cracked. According to Wikipedia, the strongest attack at time of writing…
Richard R. Matthews
19 votes, 3 answers

Can deterministic ECDSA be protected against fault attacks?

In a paper by Barenghi and Pelosi, it was described that fault attacks could be used to derive the secret key when using deterministic ECDSA as described in RFC6979 by @Thomas_Pornin Deterministic (EC)DSA. The purpose of the attacker in this case…
Yustack
19 votes, 1 answer

Boolean Circuits vs Arithmetic Circuits

I am just wondering what the differences are between boolean circuits and arithmetic circuits? I know the basic notions of circuits. My question is about their applications in cryptography. For example, why should we consider them separately (e.g., why we…
CryptoLover
19 votes, 2 answers

How long would the 100 Year Cryptography Project have secured its data had it been started 100 years ago?

The goal of the Tahoe-LAFS 100 Year Cryptography project is to "enhance Tahoe-LAFS's cryptographic system so that Tahoe shipped today/next year might remain safe from cryptographic attacks for a 100 years." Its developers are openly collaborating…
Marsh Ray
19 votes, 2 answers

How is encryption broken today?

There are often articles in the news that state that a certain country or hacker has been able to decrypt/hack highly protected systems: Some examples are the Lockheed Martin RQ-170 Sentinel that was downed in Iran and later said to be partly…
Quasar
19 votes, 1 answer

How does the "biased-$k$ attack" on (EC)DSA work?

I recently stumbled across Thomas Pornin's old answer about deterministic (EC)DSA again. There he states the following: Note that $k$ must be generated uniformly in the $[1, q-1]$ range (where $q$ is the subgroup order). Any information on $k$,…
SEJPM
19 votes, 2 answers

Is there any SRP-like key exchange only using "standard" cryptographic primitives?

I am looking into PAKEs (password-authenticated key exchanges), and it seems like SRP (Secure Remote Password) is essentially the de-facto standard. However, implementing SRP actually requires doing modular arithmetic, and is similar to, say,…
ithisa
19 votes, 4 answers

Is password-based AES encryption secure at all?

For a few years I have put all my passwords in a text file and encrypted that file with a password using a software solution (Axcrypt) which uses AES-128. The password is not really strong, but I thought AES encryption would make it strong…
Pouria