Most Popular

1500 questions
18 votes, 2 answers

Can AES decryption be used as encryption?

Definition: E: AES encryption, D: AES decryption, x: plain text, y: encrypted text, k: key. In the original AES cipher, encryption: y = E(x, k); decryption: x = D(y, k). Then I define the "reverse AES cipher" as below. Encryption: y = D(x, k); decryption:…
user2669862
18 votes, 1 answer

How to communicate by email with forward secrecy and deniability?

My correspondents and I would like to communicate privately by email. We used to employ PGP but that might have been shooting ourselves in the foot. PGP doesn't have forward secrecy. If any of our private keys are ever compromised (by law, hacking,…
Colonel Panic
18 votes, 2 answers

SHA-256: (Probabilistic?) partial preimage possible?

Currently busying myself with the Bitcoin "mining" algorithm, I am wondering if the process really cannot be simplified. For reference, the algorithm is basically SHA-256d: $$\mathit{success} := \operatorname{SHA256}( \operatorname{SHA256}(…
JimmyB
18 votes, 2 answers

Is Bruce Schneier's Applied Cryptography, Second ed., up to date?

I like Applied Cryptography, and I am returning to cryptography after a while. So I am wondering if that book is up to date or can be complemented with other references. I am looking for a book, authoritative, well documented. Possibly including…
user7338039
18 votes, 1 answer

Do recent announcements about solving the DLP in $GF(2^{6120})$ apply to schemes proposed for cryptographic use?

A recent paper by Göloğlu, Granger, McGuire, and Zumbrägel: Solving a 6120-bit DLP on a Desktop Computer seems to "demonstrate a practical DLP break in the finite field of $2^{6120}$ elements, using just a single core-month". They credit a 2012…
fgrieu
18 votes, 0 answers

The aftermath and considerations of the new record of 30750-Bit Binary Field Discrete Logarithm - 2020

Granger et al. recently published a paper about breaking a record for discrete logarithm on the binary field: "Computation of a 30 750-Bit Binary Field Discrete Logarithm", Robert Granger and Thorsten Kleinjung and Arjen K. Lenstra and Benjamin…
kelalaka
18 votes, 5 answers

Is it easy to crack a hashed phone number?

I want to SHA256 hash phone numbers in order to hide them. Is this a good idea? Are there any other ways I could make this safe?
Jack Resone
18 votes, 2 answers

A website that identifies an RNG from its output

This happened during a discussion of RNG entropy, and the difficulty of verifying the level of entropy in a long sequence of bits (e.g. a private key.) A colleague of mine told me about a website that, given a sufficient quantity of output from an…
AJM
18 votes, 2 answers

Where did ChaCha20 and Salsa20 stream ciphers get their names from?

This is not a question targeted at a specific crypto implementation, but a question out of curiosity. What's the reason for calling the stream ciphers ChaCha/Salsa? I couldn't find any information about this on the Internet. Are those names somehow…
Aravind A
18 votes, 1 answer

Crypto AG (Switzerland) - Which algorithms were used and how did the backdoors work?

Backstory: Crypto AG was a company located in Switzerland that specialized in communication security. They produced a number of encryption machines (some similar to the infamous Enigma) used for secure communication. The company was secretly bought…
AleksanderCH
18 votes, 1 answer

In 2020, SHA-1 practically broken in chosen-prefix collision (CP-collision). Can double SHA-1 hashing prevent CP-collision?

In a recent study, "SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" by Gaëtan Leurent and Thomas Peyrin (2020), they showed the first practical chosen-prefix collision attack that required two months…
kelalaka
18 votes, 7 answers

How to check a file was encrypted (really & correctly)

I would like to audit how an implementation of an encryption algorithm is really performed with the following given data of the problem: the encryption mechanism is reversible (this isn’t a signature), the algorithm is pretended to be AES, but…
dan
18 votes, 3 answers

Digital signature that is only verifiable by one specific person

I would like to digitally sign a message in such a way that the signature can only be verified by one specific person. Simply encrypting the signature will not work, because that person could then decrypt and publish the signature and everyone else…
Jesbus
18 votes, 2 answers

Can I select a large random prime using this procedure?

Say I want a random 1024-bit prime $p$. The obviously-correct way to do this is select a random 1024-bit number and test its primality with the usual well-known tests. But suppose instead that I do this: select random odd 1024-bit number $n$ if…
Fixee
18 votes, 4 answers

Using Tweets as a Random seed

I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the…
aa8y