17 votes, 8 answers

Would it be secure to use random numbers from random.org in a cryptographic solution?

Random.org provides true random numbers through an unsecured web service. Since these numbers would be transmitted in plaintext could they still be considered useful as true random numbers while maintaining security in a cryptographic solution? At…
Jim McKeeth
17 votes, 2 answers

Are AES-256's related-key weaknesses exploitable if it is used to build a hash?

Assume a hash is made based on AES-256 encryption (perhaps because this is hardware-accelerated, but no standard hash is), and that it uses the Merkle–Damgård structure, that is, padding of the message into $n$ padded message blocks $M_i$ (appending…
fgrieu
17 votes, 4 answers

How do you find a single cheater in Shamir Secret Sharing?

If there are 4 people involved, and every two of them should be able to know the secret (the polynomial is just a line) and you are given $f(x)$ and $x$ for each of those people, and you know exactly one of them is a cheater, how do you find the…
user784756
17 votes, 1 answer

The difference between these 4 cipher-breaking techniques?

I'm trying to understand the difference between the following and what they actually mean: known plaintext attack, known ciphertext attack, chosen ciphertext attack, chosen plaintext attack. Any clarification is much appreciated…
Scarl
17 votes, 1 answer

Why did NIST remove The Lempel-Ziv Compression test from the Statistical Test Suite?

NIST removed "The Lempel-Ziv Compression" test from the Statistical Test Suite in revision 2008 and above and has not incorporated it since – see revision 2010. Why was it removed? Does it no longer provide sufficient testing of a PRNG or was it…
ir01
17 votes, 1 answer

Advantages using Diffie-Hellman or ElGamal

For what kind of usage should we prefer using Diffie-Hellman to exchange keys instead of ElGamal, and most importantly, why should we use one or the other? I do not see a clear difference between these two algorithms. What are their respective…
Hastal
17 votes, 1 answer

Can a LFSR be cryptographically secure?

I have been looking at an embedded microcontroller which has a cryptographic hardware engine (in particular the PIC32MZ family). These devices have what they advertise as a cryptographically secure PRNG, as well as a true random number…
Duncan Drennan
17 votes, 2 answers

Can you explain “weak keys” for DES?

A weak key for DES is a key $K$ such that $DES_{k_1}(DES_{k_2}(x))=x$ for all $x$. I don't get why the 4 keys $k_1||k_2$: $1^{112}$, $0^{112}$, $0^{56}||1^{56}$, $1^{56}||0^{56}$ are considered weak. (Also, I didn't find any detailed explanation in…
Bush
17 votes, 1 answer

What is wrong with AES-CTR-HMAC-SHA256 - or why is it not in TLS?

It seems the only specified CTR mode ciphers in TLS are all GCM based. GCM ciphers run AES-CTR and do authenticated encryption with a MAC based on Galois-field arithmetic ("GHASH") - and the latter seems to be difficult to get right in software…
oberstet
17 votes, 2 answers

RSA with modulus product of many primes

I would like to ask what happens if we build an RSA system with a modulus that is a product of more than 2 primes, for example let $n=p_{1}p_{2}...p_{L}$. I know only the classical RSA system with $n=pq$, where $p$ and $q$ are large prime numbers. I guess the…
CryptoBeginner
17 votes, 1 answer

How are the AES S-Boxes calculated?

I'm trying to understand how the AES S-Boxes are calculated. I understand how the multiplicative inverse is calculated over $GF(2^8)$, but I'm confused by the description of the affine transformation. I haven't been able to Google a good explanation…
ConditionRacer
17 votes, 3 answers

Why is AES not a Feistel cipher?

I am studying for an exam right now. And I wanted to make sure I got this point correct. AES is not a Feistel cipher because the operations in AES are not invertible. Is the above statement correct? If not, why isn't it a Feistel cipher?
mike
17 votes, 5 answers

Examples of frauds discovered because someone tried to mimic a random sequence

[Moderator note: this question now lives there] So, I'm preparing a talk about the well known fact that humans are bad at the task of generating uniformly random sequences of numbers when asked to do so, which is a huge flaw for simple cryptographic…
Swike
17 votes, 1 answer

What NIST protocol was allegedly backdoored by NSA in 2006?

From a recent NY Times article: Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for…
Fixee
16 votes, 1 answer

Replacing the Rijndael S-Box?

The Rijndael S-Box design generates a permutation cycle of type $2+27+59+81+87$. What effect would replacing that permutation with a cycle of type $256$ have on the security of AES?
bzc