15 votes, 3 answers

Does a partial preimage attack imply a preimage attack?

Let's assume we have an $n$-bit hash function and a $b$-bit partial preimage attack that is faster than brute force. Does this imply a faster than brute force preimage attack on the whole hash? It seems that it does, because if you run the $t<2^b$…
otus
15 votes, 3 answers

Is using a predictable IV with CFB mode safe or not?

While writing this answer, I noted that NIST SP 800-38A says that (emphasis mine): "For the CBC and CFB modes, the IVs must be unpredictable. In particular, for any given plaintext, it must not be possible to predict the IV that will be associated…
Ilmari Karonen
15 votes, 3 answers

Turing's (still?) classified inference engine algorithm?

Does anyone know the algorithm used by Turing's Colossus inference engine, so highly classified that the Brits kept it secret for decades after WW II? Indeed, it may still be classified. Several years ago a colleague of mine, the late Robert…
James Bowery
15 votes, 2 answers

Is it possible to utilize an AES-128 encryption hardware unit for AES-256?

There exist processors (for example ARM v8/v9 architecture based), which cannot do AES-256 hardware based, but are equipped with AES-128 encryption hardware units. Is it possible to utilize an AES-128 encryption hardware unit in some way to speed…
0laf
15 votes, 3 answers

Does composing multiple substitution ciphers improve security?

Will using two substitution ciphers one after the other be more secure than using a single substitution cipher?
15 votes, 4 answers

How to deal with collisions in Bitcoin addresses?

When creating a Bitcoin account, you need to issue a couple of private/public ECDSA keys. Then, you derive your account address by taking a 160-bit hash (through SHA-256 and RIPEMD) of the public key and use a custom Base 58 algorithm to convert it…
perror
15 votes, 5 answers

Is it better to encrypt before compression or vice versa?

Is it better to encrypt a plain text file before compression, or vice versa?
fola
15 votes, 3 answers

Where do I securely store the key for a system where the source is visible?

I have a customer with an Access database (ugh!) in which credit cards are stored in plaintext (yikes!), so amongst other changes I'm doing in the app, I'm applying some encryption in there. I've used Rijndael as the algorithm of choice, but I'm…
Rob Cowell
15 votes, 2 answers

Given enough RSA signature values, is it possible to determine the public key value?

Given enough RSA signature values, is it possible to determine which public key is required to verify the values? Could there be enough information to establish which key is required? Is there anything in the RSA scheme to retrieve the modulus,…
Maarten Bodewes
15 votes, 4 answers

Proof of non-membership on a Merkle tree?

Assume a user $U$ and a server $S$. $U$ uploads its data and wants later to perform an authenticity check. It also sends a Merkle tree to the server. Let’s say we would like $U$ to ask for a specific element in the tree. $S$ then returns the leaf…
curious
15 votes, 3 answers

Do I have to recompute all hashes if I change the work factor in bcrypt?

The well-known article about why we should use bcrypt for hashing passwords mentions the work factor - some parameter to the algorithm that determines how long one hashing should be in terms of number of computations. This as the article says allows…
sharptooth
15 votes, 6 answers

Difference between encrypting something and hashing something

What is the difference between encrypting something and hashing something? In what situations would I want one or the other?
Joel B
15 votes, 2 answers

RSA Proof of Correctness

Can anyone provide an extended (and well explained) proof of correctness of the RSA Algorithm? And why is it needed? I can't say that this or this helped me much, I'd like a more detailed and newbie-like explanation, if you don't mind too much... ;)
Matteo
15 votes, 2 answers

Attacking RSA signature verification that ignores padding

I am looking at a RSA signature verification that is quite obviously flawed and am wondering if there's a way to exploit that flaw in practice. Signature is generated using RSA with PKCS 1.5 padding, i.e. $S = M^d \mod N$, where $M$ is a padded…
Andrey
15 votes, 1 answer

Security of N bit HMAC

Let's say that I am using a 128-bit HMAC. How many operations are needed to find a "non-secure" message? Is a birthday attack possible?
ralu