Most Popular
1500 questions
18
votes
1 answer
What changed in PKCS#1 v2.2, and why?
PKCS#1 is one of the most used (de-facto) standards for real-world use of RSA.
That's for good reasons: PKCS#1 is well thought, versatile, understandable, has been relatively stable for over two decades, and remains practically secure in its original…
fgrieu
18
votes
2 answers
Is TrueCrypt's multiple/cascading encryption safe?
Is TrueCrypt use of cascading encryption safe? Is it useful? TrueCrypt is arguably one of the most popular and widely used encryption applications in use today, yet it seems to use a very unconventional scheme.
The software offers cascading…
hunter
18
votes
1 answer
What are the consequences of removing a single byte from a sha256 hash?
I'm working on a system (Ethereum) where it is significantly cheaper to store 32 bytes than 33 bytes. I'd like to create a table where data is stored based on its hash.
Sha256 would meet this criteria since it outputs 32 bytes.
However, I'd also…
Akhil F
18
votes
1 answer
Why does TLS 1.3 support two CCM variants?
One of the important improvements introduced in TLS 1.3 is the pruning of the many previously available cipher suites to only five secure options (for symmetric ciphers), that are each supposed to have distinct advantages. For four of these, the…
AardvarkSoup
18
votes
1 answer
What is the new attack on OCB2 and how does it work?
OCB2 is proposed by Rogaway, Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC, and it is standardized in ISO/IEC 19772:2009. The author also provided a proof by security reductions, that is, a break of OCB2…
kelalaka
18
votes
2 answers
What password hash function for the next 50 years?
According to this report: http://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf
SHA2-512, SHA3-512, Whirlpool and Blake2b are hash functions that could be safe for the next 50 years.
For a system that will never receive security…
user60569
18
votes
1 answer
What is the difference between ECDSA and EdDSA?
As I understand it, both work with elliptic curves, but there seems to be a difference as EdDSA is generally recommended over ECDSA.
Tartori
18
votes
3 answers
RSA factorization for special primes $p$ and $q$
I want to factorize the modulus $n = pq$ knowing that $p$ and $q$ are not random, but constructed based on integer numbers $a$ and $b$ as follows ($a$ and $b$ are not given):
$$p = a^2 + b^2, \qquad q = 2ab + 1$$
I'm looking for an efficient…
Lisbeth
18
votes
1 answer
After ECDH with Curve25519, is it pointless to use anything stronger than AES-128?
Is the following reasoning correct:
After ECDH with Curve25519, the resulting shared secret will be an EC public key with a bit strength of 128 bits.
This public key would then be hashed (let's say with SHA-2-256) to produce a key of length 256 bits…
knaccc
18
votes
5 answers
Is there a situation where RSA cannot be replaced with ECC + symmetric algorithms? If no, why do we still use it?
RSA is both an asymmetric encryption algorithm and a digital signature algorithm. However, in recent years, many cryptographic protocols (TLS, for example) have moved away from the use of RSA to instead prefer ECC because of forward secrecy.
So, my…
Luke Park
18
votes
3 answers
AES Key Length vs Block Length
This answer points out that certain key and block lengths were a requirement for the AES submissions:
The candidate algorithm shall be capable of supporting key-block combinations with sizes of 128-128, 192-128, and 256-128 bits.
My question is…
lynks
18
votes
3 answers
Webcam random number generator
I have a question about random number generators.
I have read from a real random number generator, based on a webcam ("randcam"). My problem is, that I do not really understand how the generation of the random numbers works. Has anyone heard of…
Simon Rühle
18
votes
8 answers
Why is SSL on top of TCP?
Why is SSL not under TCP (the Transport layer)?
Raghad Jamil Jawabreh
18
votes
2 answers
Is there an encryption algorithm, which is a magnitude faster than AES (with weaker guarantees)?
There are current state-of-the-art encryption algorithms, which are considered absolutely safe currently, like AES. Their speed is around the 100MB/sec ballpark on current PCs (note: this is the speed when AES instruction set is not used - I'm…
geza
18
votes
2 answers
Schnorr signatures: multisignature support
Schnorr signature is mentioned as a promising upgrade to bitcoin to improve scalability. It supports multisignature, several signatures can be aggregated into a single, new signature. But I fail to find any information on how is this made possible…
Consy