Most Popular

15
votes
1 answer

How to build an electro-mechanical public key cipher machine?

It is generally assumed that asymmetric encryption schemes were invented in 1973 at GCHQ in Britain and, independently, in 1976 at MIT. Imagine, if the abstract idea of having a public key and a private key that can only decrypt what has been…
Manuel Ebert
  • 201
  • 1
  • 7
15
votes
2 answers

How to do a literature search

How do I do a literature search of the research literature on cryptography? Assume there's some topic in cryptography I'd like to learn more about; how do I search the cryptographic research literature to find research papers that might be…
D.W.
  • 36,365
  • 13
  • 102
  • 187
15
votes
2 answers

Is CBC really dead?

I developed a p2p-app in C# which sends and receives encrypted text messages (50kB). For encryption, my app uses 128-bit AES in CBC cipher mode. For each message it uses a new randomly-generated IV. However, after reading the following two…
Mike
  • 315
  • 1
  • 8
15
votes
3 answers

Is there any strong enough pen-and-paper or mind cipher?

Some ciphers are talked about at “Is there a secure cryptosystem that can be performed mentally?”, but (at the time of writing) I don't see an answer. Are they strong enough, or are non-computer ciphers more or less just a toy and one should…
Smit Johnth
  • 1,681
  • 4
  • 17
  • 27
15
votes
2 answers

Are cryptographic hash functions perfect hash functions?

For a cryptographic hash function and input values of shorter length than the hash function output, it's pretty obvious that there should be as few collisions as possible. But are there guaranteed to be none? In other words, for a cryptographic hash…
lxgr
  • 1,798
  • 1
  • 13
  • 22
15
votes
2 answers

Why do we append the length of the message in SHA-1 pre-processing?

As we know, SHA-1 is irreversible, so why do we append the length of the message to the preimage?
Am1rr3zA
  • 755
  • 1
  • 7
  • 9
15
votes
8 answers

Can I say "I have encrypted something" if I hash something?

As I understand it, a hashing algorithm is some kind of encryption, just a specific kind of it. So is it wrong to say "I encrypted this value" if I "only" hash it? I understand that it gives the wrong impression, but I think it is not absolutely…
15
votes
3 answers

What is the use of REAL random number generators in cryptography?

I understand the use of pseudo-random number generators. I am not getting mixed up between these and "real" random number generators. However, I don't understand what a real random number generator is used for. If it is not deterministic, how can it…
liamzebedee
  • 325
  • 2
  • 7
15
votes
2 answers

Does GCM (or GHASH) only provide 64-bit security against forgeries?

In a recent comment a doubt was voiced about my answer, which claims GCM to require $2^{128}$ for a successful forgery. The doubt was that the square root needs to be taken, meaning the security would be $2^{64}$. So of course I immediately checked…
SEJPM
  • 45,967
  • 7
  • 99
  • 205
15
votes
1 answer

When do ECC patents end?

As the topic says, since when can ECC cryptography be freely used? Is it not widely used because of patents? There is no alternative to it on embedded devices and smart cards. Just to mention: I am not from the USA. I'm a simple user who wants ECC…
Smit Johnth
  • 1,681
  • 4
  • 17
  • 27
15
votes
1 answer

Security of pairing-based cryptography over binary fields regarding new attacks

In the last week, the discrete logarithm problem was broken for the binary fields $\mathbb{F}_{2^{(14 \times 127)}}$ and $\mathbb{F}_{2^{(27 \times 73)}}$. Pairing-based cryptography using binary fields currently relies on fields such as…
Conrado
  • 6,414
  • 1
  • 29
  • 44
15
votes
1 answer

Representing a function as FHE circuit

I am actually trying to study homomorphic encryption (on lattices) but I'm facing a problem. Every paper that I have read so far talks about writing the function to evaluate on ciphertexts as a circuit, either boolean or arithmetic according to our…
Binou
  • 408
  • 5
  • 14
15
votes
2 answers

What is the difference between TRNG and CSPRNG?

I understand the output of a TRNG is almost impossible to reproduce, such as flipping a coin 100 times to produce a 100-bit sequence. However, it is also my understanding that a CSPRNG produces an unpredictable output. If they are both…
Red Book 1
  • 1,025
  • 10
  • 26
15
votes
2 answers

How reassuring is 64-bit (in)security?

In Feb 2017, CWI and Google announced the SHAttered hash collision attack on SHA1, which took $2^{63.1}$ work, estimated at 6500 CPU years, to achieve. Therefore, 64-bit should now be considered an insecurity. However, that's on the cloud computers of one…
DannyNiu
  • 9,207
  • 2
  • 24
  • 57
15
votes
2 answers

Calculating entropy within xkcd 936: Password Strength

When I calculate entropy for the xkcd Password Strength (comic 936) I don't get nearly the amount of entropy stated in the comic. So why doesn't the first password "Tr0ub4dor&3" have an entropy of around 50 bits? And why doesn't the passphrase…
Blafasel
  • 163
  • 1
  • 5