14 votes, 2 answers
Why has the RSA factoring challenge been withdrawn?
Wikipedia states that RSA challenge has been withdrawn.
Does it mean that an efficient factoring algorithm is "just around the corner"?
Or are there some other reasons?
If the challenge was still open people would have even more confidence in RSA.
Jus12
14 votes, 7 answers
Could celestial objects be used in cryptography?
If it were possible to receive a string of numbers from a celestial object (by anyone on the Earth who knows which object to look at, and what time to look) could this be of any use in cryptography?
Or would it be useless, because if a bad-actor…
user1551817
14 votes, 3 answers
Why is the market for cryptographic primitives non-commercialized?
There are not many successful companies in cryptographic primitives market. Certicom holds many patents attached to the ECC. RSA Security probably made some profits from the patent. Are there more examples?
Why do people, scientists not try to…
Tom
14 votes, 2 answers
Simple protocol for 1-out-of-2 oblivious transfer
I'm trying to explain the concept of 1-out-of-2 oblivious transfer to folks who haven't seen this idea before. I can explain what properties it provides, but it's also helpful if I can show a simple protocol for 1-out-of-2 OT, to give people a…
D.W.
14 votes, 0 answers
The backdoor of Telegram on Diffie-Hellman Key Exchange and possibly other examples?
Diffie-Hellman Key Exchange (DHKE) should be used carefully in end-to-end encryption. A man-in-the-middle (MITM) attack is possible.
Standard DHKE
The simple protocol in the multiplicative version is as follows:
Alice and Bob agree on the modulus …
kelalaka
14 votes, 2 answers
Why don't we use Blowfish if it hasn't been cracked?
Since Blowfish is old, well-audited, and has no published attacks, why are we using AES instead? I know that Bruce Schneier said that Blowfish is insecure and told people to transition to Twofish, but why? AES has many vulnerabilities, such as…
Evan Su
14 votes, 4 answers
Disadvantages of AES-CTR?
On paper, it sounds *very* good to me:
secure
fast (in my tests it's somewhat slower than ECB (but without most of the weaknesses, more on that below) but faster than every other alternative I tested, which were ECB, CTR, CBC, OFB, CFB written in…
hanshenrik
14 votes, 1 answer
What issues are there while using Linux's /dev/urandom for generating cryptographic keys?
As of Linux 5.1 the /dev/random no longer uses the blocking pool. There is a talk about the change on the page Removing the Linux /dev/random blocking pool
I believe that Linux's blocking pool has outlived its usefulness. Linux's CRNG generates…
kelalaka
14 votes, 1 answer
What does the X stand for in front of elliptic curve names like X25519?
I have seen Curve25519 and X25519, Curve448 and X448. I've seen a small note in this answer
(Historical note: Originally, X25519 was called Curve25519, but now Curve25519 just means the elliptic curve and X25519 means the cryptosystem.)
Is it a…
kelalaka
14 votes, 1 answer
What are the rules for using AES-GCM correctly?
When using AES-GCM I know that I am supposed to use a new initialization vector every time I call the AES-GCM algorithm with the same key. What other rules must be followed to use AES-GCM correctly?
I am looking for a bullet point checklist with…
ams
14 votes, 1 answer
Is Wikipedia's table about SHA-2 collisions correct?
I was looking at the Wikipedia article on SHA-2, and the "Comparison of SHA functions" table seems to indicate that SHA-2 is less secure than SHA-1.
Is this true, or is the table wrong / misleading?
What does $2^{28.5}$ mean for SHA-256 compared to…
Luke
14 votes, 1 answer
How random are commercial TRNGs?
I'm thinking about buying a USB TRNG. How do I evaluate its randomness? I'm sure some are better than others but which is which? Are thermal-noise better than radio-noise TRNGs?
user1028028
14 votes, 1 answer
Why are ed25519 keys not recommended for encryption?
Was wondering why there is no straightforward way of using ed25519 keys for encryption.
Then I found this: https://github.com/indutny/elliptic/issues/108
There it is stated that, unlike RSA, it's not recommendable for this purpose - one should rather…
Lenny
14 votes, 1 answer
Trying to better understand the failure of the Index Calculus for ECDLP
So I'm going to give you guys my understanding and then if you would be so kind as to tell me where I'm off the mark (hopefully I'm not completely wrong).
So basically the index calculus for the discrete log problem over $\mathbb{Z}_p$ takes…
Set
14 votes, 2 answers
How to derive two keys from one password
What is the best way to generate two independent symmetric keys from one user-entered password or passphrase?
Would using both scrypt and pbkdf2 achieve this?
user1028028