Most Popular
1500 questions
14 votes, 1 answer
How to find the encoding of an RSA public key?
What practical methods are there to reconstruct an RSA public key in unknown format?
As an illustration, in a database I find this (which doesn't look like ASN to…
Frederick The Fool
- 245
- 2
- 6
14 votes, 3 answers
How difficult is it to practically detect a forgery in a cryptosystem?
If the encryption key that you use doesn't correspond to the decryption key used by the crypto system, it is assumed that it will not be possible to decrypt the message or you'll know that there has been some mischief.
I wanted to know how will one…
Limit
- 417
- 4
- 13
14 votes, 2 answers
What is the difference between OTR and Signal protocols?
The Signal Protocol is a relatively new secure messaging protocol that was recently implemented in Signal, WhatsApp, and several other messaging apps. According to Wikipedia, the Signal protocol is an evolution of the OTR protocol…
therealrootuser
- 241
- 2
- 4
14 votes, 4 answers
Why is a known-plaintext attack considered a complete break?
I read somewhere that if a cipher has a known-plaintext attack, then it is considered completely broken.
Say there is a cipher that someone uses where the algorithm is understood and a known-plaintext attack is trivial to perform, however a…
Danegraphics
- 251
- 2
- 6
14 votes, 2 answers
What is a "rewinding argument"?
I've been reading a bit about cryptographic protocols and I keep seeing the phrase "rewinding argument". I've been unable to find a good source that would explain what is meant by this. It seems like proofs that use this technique cause trouble…
Jaska
- 141
- 1
- 3
14 votes, 2 answers
Can any MAC be used as a KDF?
First, let me clarify what I mean with a Key Derivation Function (KDF). I'm interested in KDFs that take an $n$-bit symmetric master key and some diversification data of arbitrary length as input and produce an $n$-bit symmetric key as output that…
mtvec
- 243
- 1
- 6
14 votes, 2 answers
Do I have to have a different salt for each password?
Should I use a different salt for each password?
In my system, there are no user names, only passwords. When a user logs in, he types in one or more passwords and the server compares the results of the password(s) hashed many times (PBKDF2) for…
Eyal
- 405
- 1
- 4
- 13
14 votes, 4 answers
Why is the permutation in AES (and other ciphers) not random or key-dependent?
If the permutation in AES (or other ciphers) were randomly generated or dependent on the key, would it not be stronger against differential attacks?
If this is so, then might we need fewer rounds for the same level of security?
Red Book 1
- 1,025
- 10
- 26
14 votes, 1 answer
Is a second preimage attack on MD5 feasible?
What's the practical status of MD5 w.r.t. second-preimage?
Integrity of a piece of data is protected by an MD5 hash, itself assumed genuine. The data (and thus the hash) is known to the adversary. The adversary can change the data, and wants to do…
fgrieu
- 140,762
- 12
- 307
- 587
14 votes, 1 answer
Explanation and proof of a well-known probabilistic lemma
Pointcheval and Stern in their paper on "Security proofs for Signature Schemes" state the following "well-known" probabilistic lemma:
Let $A \subset X \times Y$, such that $\mathrm{Pr}[A(x, y)] \geq \epsilon$, then there exists $\Omega \subset X$…
Student20
- 431
- 2
- 8
14 votes, 10 answers
Are there any advantages in using proprietary encryption?
Proprietary software generally relies on the fact that in keeping the encryption algorithm private, it gets an extra layer of security implying "Security through Obscurity." Obviously this phrase has been hotly debated and surely is only acceptable…
ellefc
- 345
- 1
- 2
- 8
14 votes, 1 answer
What is the difference between key size and block size (for AES)?
We are working on AES and want to develop a website which should provide an encryption facility but we are not understanding the difference between key and the block size. More appropriately what does a 128, 192 and 256 bit key mean?
xyz
- 159
- 1
- 1
- 3
14 votes, 1 answer
What is cryptographic agility?
I keep seeing the term "Cryptographic Agility" referenced. What does it mean?
For instance:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb204775(v=vs.85).aspx
One of the key value propositions of CNG is cryptographic agility,…
LazerSharks
- 303
- 2
- 6
14 votes, 2 answers
Leading 00 in RSA public/private key file
I found these following values ALWAYS have the leading 00 in public/private key,
public key: modulus
private key: modulus, p,q, d mod (p-1), d mod (q-1), coefficient
e.g., modulus
0007: 02 81 81 ; INTEGER (81…
Matt Elson
- 719
- 7
- 14
14 votes, 4 answers
Is there a way to optimize a linear scan while preserving anonymity?
I've been wrestling with a problem, and I was hoping if someone else had a bright idea.
Here's the problem: I have two sides, Alice and Bob. Alice has a single high entropy string $A$, and Bob has a number of high entropy strings $B_i$, one of…
poncho
- 147,019
- 11
- 229
- 360