Most Popular

1500 questions
16 votes, 0 answers

Fewest qubits required for the discrete logarithm problem and integer factorization

According to a paper from 2002, the most efficient circuit to factor an $n$-bit integer requires $2n+3$ qubits and $O(n^{3}\lg(n))$ elementary quantum gates, assuming ideal qubits. Later on, according to a paper from 2008, it is shown that it…
forest
16 votes, 0 answers

Has Telegram security been significantly improved with MTProto 2.0?

Telegram messenger's original encryption scheme, MTProto 1.0, has been shunned by most cryptographers for a number of reasons, like being vulnerable to IND-CCA attack; being unorthodox in general, making unusual applications of hashing and key…
Dark Lotus
16 votes, 1 answer

Necessity for finite field arithmetic and the prime number p in Shamir's Secret Sharing Scheme

Shamir's original paper (PDF, 197kb) describing a threshold secret sharing scheme states: To make this claim more precise, we use modular arithmetic instead of real arithmetic. The set of integers modulo a prime number $p$ forms a field in…
ampersand
16 votes, 1 answer

Relation between Key-exchange and Public-Key encryption schemes

Recently we have seen a lot of papers on Post-quantum key-establishment (key encapsulation mechanism or Key-exchange), largely due to the standardization call of NIST for PQ-protocols. However, most of the work, for example: Kyber, NTRU-prime,…
Rick
16 votes, 1 answer

Who issued the first SSL certificate?

When SSL was introduced in ~1996, there were only a few CAs issuing certificates for that specific use and a few sites which actually used SSL. Which Certification Authority issued the first SSL certificate and whom was it issued to?
Mark
16 votes, 4 answers

Looking at hash output – is Base64 encoding in any way better than HEX encoding?

I was wondering why most "normal/unsafe" crypto hashes like SHA-256, SHA-512, Whirlpool, RipeMD-160, MD5, etc. are HEX encoded. But most "secure" crypto hashes (KDFs) like bcrypt and scrypt are Base64 encoded. Why? Somewhere I heard that Base64…
Richard R. Matthews
16 votes, 2 answers

Is digest=HASH(HASH(a)+HASH(b)) equivalent to publishing two digests?

Is combining digests (created using a hash function) using arithmetic addition, and then hashing and publishing the result, less secure than publishing the set of digests? Does the answer change if the outer hash function is different from the inner…
gavinandresen
16 votes, 4 answers

Is using a broken SHA-1 for password hashing secure?

Recently the hashing collision issue of SHA-1 was discovered. Identical hash values for 2 separate PDF files were generated. Does that make SHA-1 unsafe for using it only for password hashing? The probability of two different passwords to match…
Rohith K D
16 votes, 1 answer

What is a (smooth) projective hash function?

I recently came across the term "smooth projective hash function", and I see that there are many constructions nowadays that rely on them, especially some PAKE constructions. But, I didn't exactly understand them. What are they? And why are they so…
typos
16 votes, 1 answer

If a hash function $H$ is collision resistant, is it true that $H(x)\neq H(x')$ for all messages $x, x'$ with $x \neq x'$?

I am puzzled with a question that seems to be based on theory. If there is a collision resistant hash function (since it is not possible for a hash function to be collision free, this is a theoretical question), would it be true to say that there…
QWASH
16 votes, 3 answers

Is it better to maximize memory usage or number of passes with Argon2i 1.3?

I wrote a small application that uses Argon2i for deriving symmetric keys for encryption of local files and secret Curve25519 keys. Argon2i v1.3 is susceptible to TMTO attacks if the number of passes is below 10, according to the most recent paper …
user40185
16 votes, 1 answer

Why not use `<`, `>` or `==` in constant time comparison?

I am comparing secret data stored in arrays a and b to see which holds a greater value. My current (pseudo)code looks like this: unsigned char smaller = 0, bigger = 0; for (i = 0; i < size; ++i) { smaller |= (!bigger) & (a[i] < b[i]); bigger…
Sebastian
16 votes, 6 answers

Why are MACs so important despite digital signatures doing everything a MAC can do and more?

When an entity $A$ wants to send a message to entity $B$, he can attach a MAC to the message. Entity $B$ on receiving the message can use the pre-shared key to compute the same MAC and confirm if the message is untampered with. This approach…
Minaj
16 votes, 2 answers

Why is the salt used only once in PBKDF2, while the password is used often?

The purpose of PBKDF2 is to create a derived key (DK) from a master password (PW) and a salt, often using a function like HMAC-SHA256. I have read that the salt should be as random as possible. But if that's the case, why does it play such a minor…
ericball
16 votes, 0 answers

Name of an archaic type of RSA padding (0BBBBBBB...)

In some legacy code, I encountered RSA signature padding in the following format (hexadecimal): 0B BB BB BB BB BB BB ... BB BB Is there a name for this simple type of RSA padding? I would think that the original developers got this design…
Myria