Most Popular (1500 questions)
18 votes · 3 answers

How can a random salt for a hash function work in practice?

I understand the theory behind the use of salts in hash functions, but when I see it implemented, the implementations always generate the salt on the fly and the salt appears to be different for every hash. When implementing a salt for users signing…
Corey Ogburn
18 votes · 3 answers

Why do "nothing up my sleeve numbers" have low entropy?

As a preface, forgive me for some of the links being from Wikipedia. I realize that academia frowns upon this. I came across this article about "nothing up my sleeve numbers". In it, it says: In cryptography, nothing up my sleeve numbers are any…
asteri
18 votes · 1 answer

Perfect Forward Secrecy with NaCl

I would like to use the NaCl cryptography library (or TweetNaCl), but I would very much like to have perfect forward secrecy for my application. From what I understand, all Bob needs to do to decrypt a message from Alice with NaCl's crypto_box_open is…
dubadu
18 votes · 1 answer

Is TEA considered secure?

Wikipedia claims that the best attack on the surprisingly simple TEA block cipher, that isn't a related-key attack, has a time complexity of $2^{121.5}$. So despite how unsophisticated the cipher looks, if I use a KDF properly and don't use related…
ithisa
18 votes · 4 answers

Is it possible to validate a Public Key in RSA?

If I have a 1024-bit number, and someone is telling me that it is in fact a valid RSA public key, is there any way I can quickly validate that it is indeed so (without cracking RSA)? (I suppose I am asking if it's possible to quickly tell if a…
yydl
18 votes · 1 answer

Cryptographically secure keyed rolling hash function

I could not find any mention on the Internet of a proven/known cryptographically secure keyed rolling hash function (i.e. a rolling MAC). Has the question been studied, and is it possible to build one? By cryptographically secure I mean properties…
cyril42e
18 votes · 2 answers

What is the MD5 collision with the smallest input values?

I am interested in MD5 collisions for small input messages. The collision examples given at http://www.mscs.dal.ca/~selinger/md5collision/ show two different strings, where only a tiny amount of data has been changed to give the same md5, but it…
Peter
18 votes · 1 answer

What are the key differences between the draft SHA-3 standard and the Keccak submission?

I just noticed that on the NIST website there is a PDF with a draft of the SHA-3 standard (i.e. FIPS 202) (marked as "new", and seemingly the page was last changed on April 7, 2014). Previously it was discussed here that NIST would be changing stuff…
Paŭlo Ebermann
18 votes · 3 answers

Why does SHA-1 have 80 rounds?

Why does the SHA-1 algorithm have exactly 80 rounds? Is it to reduce collisions? If yes, then why do SHA-2 and SHA-3 have a lower number of rounds?
tausif
18 votes · 1 answer

GCM vs CTR+HMAC tradeoffs

So these days I see everyone using AES-GCM. What are its advantages over simple CTR+HMAC modes? Is it speed? Or ciphertext length? And what are the security tradeoffs, both in terms of practical cryptanalysis and theoretical attacks complexity?
Samee
18 votes · 4 answers

Analog encryption algorithms

I have a basic understanding of how strong encryption works on digital data. Bits can be changed so that they appear completely random and map one-to-one back to the original set, given the correct decryption key (and possibly other parameters). But…
Luc
18 votes · 6 answers

What is the importance of Modular arithmetic in cryptography?

Why do we use modular arithmetic so often in Cryptography?
user5507
18 votes · 2 answers

Why is the discrete logarithm problem assumed to be hard?

This might be a quite stupid question: since a naive brute force algorithm to solve the discrete logarithm problem will only take O(n) time for a group G with order n, why is it assumed to be hard to solve? Doesn't hard mean no polynomial algorithm…
Boyu Fang
18 votes · 3 answers

Strength of MD5 in finding duplicate files

Why are there a lot of duplicate file finder applications which are using the MD5 algorithm? What is the strength of MD5 in terms of searching for duplicate files on a hard disk, flash drive or any other storage device?
goldroger
18 votes · 1 answer

Did NIST verify “post-quantum” claims in the SHA3 proposal papers?

I have been reading Bernstein’s “Quantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein” paper from 2010… This document disproves the claims of preimage resistance for Blue Midnight…
e-sushi