Most Popular
1500 questions
14
votes
3 answers
Why is ciphertext from low entropy plaintext not compressible?
This comes following a discussion with a colleague.
My plaintext file plain consists of about 100,000 lines of "all work and
no play...". Its size is: 2.2 MB.
Compressed it is: 5.4kB
I encrypt the original:
openssl aes-128-cbc -in plain -out…
Bill
- 293
- 2
- 5
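An added example, not part of Bill's question: the same experiment reproduced with the Python standard library. Python has no built-in AES, so a SHA-256 counter-mode keystream stands in for openssl aes-128-cbc (an assumption); the outcome is the same for any cipher whose output is indistinguishable from random bytes. The repeated sentence, the line count and the key are constructed.

```python
import hashlib
import zlib

# Added example, not code from the question. The stdlib has no AES, so a
# SHA-256 counter-mode keystream stands in for aes-128-cbc (assumption);
# any cipher whose output looks random gives the same compression result.

LINE = b"All work and no play makes Jack a dull boy.\n"   # constructed plaintext line


def make_plaintext(lines=10_000):
    """Constructed input: one sentence repeated, i.e. very low entropy per byte."""
    return LINE * lines


def keystream(key, nbytes):
    """Pseudorandom bytes SHA-256(key || counter); stand-in for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def encrypt(key, plaintext):
    """XOR the plaintext with the keystream (decryption is the same operation)."""
    ks = keystream(key, len(plaintext))
    x = int.from_bytes(plaintext, "big") ^ int.from_bytes(ks, "big")
    return x.to_bytes(len(plaintext), "big")


def compressed_size(data):
    return len(zlib.compress(data, 9))


def compare(key, plaintext):
    """Return (plaintext length, its compressed size, ciphertext length, its compressed size)."""
    ct = encrypt(key, plaintext)
    return len(plaintext), compressed_size(plaintext), len(ct), compressed_size(ct)


if __name__ == "__main__":
    pl, pc, cl, cc = compare(b"constructed-16B-key", make_plaintext())
    print(f"plaintext  {pl} bytes -> {pc} bytes compressed")
    print(f"ciphertext {cl} bytes -> {cc} bytes compressed")
```

The plaintext shrinks by two orders of magnitude; the ciphertext, being a uniformly random-looking byte string of the same length, does not shrink at all (zlib's stored-block overhead makes it slightly larger). That is the property the question is asking about: a good cipher removes every statistical regularity a compressor could exploit, whatever the entropy of the input.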
14
votes
4 answers
Properties of PRNG / Hashes?
There are a lot of quite elaborate PRNGs out there (e.g. Mersenne Twister et al.), and they have some important properties, especially when it comes to crypto applications.
So, I was wondering how hash functions like SHA1 or MD5 would perform in…
bitmask
- 283
- 1
- 9
14
votes
1 answer
Why do crypto libs use table lookups when they're vulnerable to timing attacks?
AESEngine.java, from BouncyCastle, uses table lookups as does aes_x86core.c, in OpenSSL. But per Cache-timing attacks on AES, table lookups like what OpenSSL and BouncyCastle are doing are vulnerable to timing attacks. So why would they use them?
Julie Applegate
- 175
- 5
14
votes
2 answers
What's the GCM-SHA 256 of a TLS protocol?
If we read the Google line information about how they cypher the HTTPS communication, it reads:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
I understand it's using ECDHE to exchange keys, using ECDSA as digital signature and making the symmetric…
MyUserIsThis
- 243
- 1
- 2
- 7
14
votes
3 answers
Lamport signature: How many signatures are needed to forge a signature?
Lamport signature: Signing the message Note that now Alice's private key is used and should never be used again. The other 256 random numbers that she did not use for the signature she must never publish or use. Preferably she should delete them;…
Sup3rgnu
- 359
- 2
- 6
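An added example, not part of Sup3rgnu's question: a toy Lamport scheme that makes the "never use the key again" rule concrete. Each published signature reveals one of the two secrets at every bit position; after two signatures roughly three quarters of the private key is public, and any message whose digest only needs revealed secrets can be signed by anyone. The digest is shortened to 16 bits (an assumption, so the forgery search finishes quickly; the real scheme uses 256) and the seed and messages are constructed.

```python
import hashlib

# Added example, not code from the question. N is 16 for speed (assumption);
# a real Lamport key covers all 256 bits of the message digest.
N = 16


def H(data):
    return hashlib.sha256(data).digest()


def keygen(seed):
    """Private key: 2*N secrets (derived from a constructed seed here, normally random).
    Public key: the hash of every secret."""
    sk = [[H(seed + bytes([i, b])) for b in (0, 1)] for i in range(N)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk


def msg_bits(m):
    """The N digest bits that select which secret is revealed at each position."""
    h = int.from_bytes(H(m)[: N // 8], "big")
    return [(h >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, m):
    return [sk[i][b] for i, b in enumerate(msg_bits(m))]


def verify(pk, m, sig):
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(m))))


def revealed(signed):
    """Secrets an observer learns from a list of (message, signature) pairs."""
    known = {}
    for m, sig in signed:
        for i, (s, b) in enumerate(zip(sig, msg_bits(m))):
            known[(i, b)] = s
    return known


def forgeable_fraction(known):
    """Fraction of all digests that can be signed with the revealed secrets alone."""
    frac = 1.0
    for i in range(N):
        have0, have1 = (i, 0) in known, (i, 1) in known
        frac *= 1.0 if (have0 and have1) else 0.5 if (have0 or have1) else 0.0
    return frac


def forge(known, already_signed, max_tries=200_000):
    """Search constructed candidate messages for one whose digest needs only revealed secrets."""
    for t in range(max_tries):
        m = b"forged payment #%d" % t
        if m in already_signed:
            continue
        bits = msg_bits(m)
        if all((i, b) in known for i, b in enumerate(bits)):
            return m, [known[(i, b)] for i, b in enumerate(bits)]
    return None


def demo():
    """Sign two messages with one key, then forge a third from what they leaked."""
    sk, pk = keygen(b"constructed demo seed")
    msgs = [b"pay alice 10", b"pay bob 20"]
    signed = [(m, sign(sk, m)) for m in msgs]
    known = revealed(signed)
    return pk, msgs, known, forge(known, set(msgs))


if __name__ == "__main__":
    pk, msgs, known, forged = demo()
    print("secrets revealed:", len(known), "of", 2 * N)
    print("fraction of digests now forgeable:", forgeable_fraction(known))
    print("forged message verifies:", forged is not None and verify(pk, forged[0], forged[1]))
```

With one signature every position has exactly one revealed secret, so a forgery needs a message whose digest matches the signed one bit for bit: 2^-N of all messages. With two signatures every position where the two digests differed has both secrets revealed, so the forgeable fraction grows to 2^-(N - d) for d differing positions, and at N = 16 a few hundred candidate messages suffice. The question's "how many signatures" therefore has the answer two, in the sense that the second signature is what makes forgery cheap.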
14
votes
4 answers
Can machine learning analyze random number generator?
I'm studying random number generators (RNGs) and I came across machine learning a few days ago.
So I searched analysis of RNG using machine learning.
But I couldn't find such fields.
Are there such examples for analysis of RNG using machine…
Tylor Yoo
- 141
- 1
- 4
14
votes
2 answers
Encrypt-then-MAC: Do I need to authenticate the IV?
In the setting of Encrypt-then-MAC, do I need to include the IV in what I'm HMACing, or is authenticating just the AES-encrypted data sufficient?
fadedbee
- 916
- 1
- 10
- 29
14
votes
1 answer
Making ECDSA public keys one bit shorter
In compressed form, ECDSA public keys are one bit larger than the curve size. There are some situations where this extra bit is extremely inelegant. So I had the following idea as a way to remove it.
For a public key, the extra bit is always zero…
David Schwartz
- 4,729
- 19
- 31
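An added example, not part of David Schwartz's question: the normalisation his idea relies on, carried out on secp256k1 in pure Python. Negating the private key negates the public point, and since p is odd that flips the parity of y, so every private key can be replaced by d or n - d such that the public key has even y; the 32-byte encoding is then just x, and the decoder always takes the even square root. The curve constants are the published secp256k1 parameters; the private scalar is constructed. This is illustration code, not any library's API.

```python
# Added example, not code from the question. secp256k1 parameters (public constants);
# affine arithmetic kept deliberately simple, so not constant-time and not for production.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def inv(x):
    return pow(x, P - 2, P)


def add(p, q):
    """Point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0]:
        if (p[1] + q[1]) % P == 0:
            return None
        lam = 3 * p[0] * p[0] * inv(2 * p[1]) % P
    else:
        lam = (q[1] - p[1]) * inv(q[0] - p[0]) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)


def mul(k, p):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p = add(p, p)
        k >>= 1
    return r


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def normalize(d):
    """Return (d', Q) with Q = d'G having even y. If dG has odd y, use n - d,
    whose public point is (x, p - y), i.e. the same x with the other parity."""
    q = mul(d, G)
    if q[1] & 1:
        d = N - d
        q = mul(d, G)
    return d, q


def compress_33(pt):
    """Standard SEC1 compressed form: 0x02 (even y) or 0x03 (odd y) followed by x."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def compress_32(pt):
    """The one-bit-shorter form from the question: x alone, valid only for even y."""
    if pt[1] & 1:
        raise ValueError("y must be even; normalize() the private key first")
    return pt[0].to_bytes(32, "big")


def decompress_32(xbytes):
    """Recover the even-y point for x; the decoder never needs a parity bit."""
    x = int.from_bytes(xbytes, "big")
    rhs = (x ** 3 + 7) % P
    y = pow(rhs, (P + 1) // 4, P)      # square root works because P == 3 (mod 4)
    if y * y % P != rhs:
        raise ValueError("x is not the abscissa of a curve point")
    return (x, y if y % 2 == 0 else P - y)


if __name__ == "__main__":
    d, q = normalize(12345)            # constructed private scalar
    print("normalized d:", hex(d))
    print("33-byte key:", compress_33(q).hex())
    print("32-byte key:", compress_32(q).hex())
    print("round trip ok:", decompress_32(compress_32(q)) == q)
```

The check `mul(N, G) is None` in the test doubles as a self-test of the constants: only the correct group order sends the generator to infinity. Whether dropping the bit is worth it depends on the protocol, since any party that already holds a 33-byte key with odd y has to be given the negated key instead.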
14
votes
2 answers
128 bit hash with least chance of collision?
I'm building a storage system for JSON documents where they are looked up on a 128 bit key. These JSON documents have a timestamp within them, but apart from that are user-entered data. These JSON documents can have within them private information,…
Max
- 275
- 1
- 2
- 6
14
votes
4 answers
Do parts of a hash carry the properties of the entire hash?
When I need to generate unique IDs based on some information hashing is typical choice. However, sometimes that id needs to be of a particular size. I've seen a lot of schemes (HMAC-MD5-96 in SSH, CGA in SeND for IPv6) that use a portion of a…
Marcin
- 263
- 1
- 6
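An added example serving both Max's 128-bit key question and Marcin's truncated-hash question, not part of either post: the birthday bound that governs collisions in a t-bit identifier, checked empirically on truncated SHA-256. Expected work to find a collision grows as the square root of the output space, so 128 bits gives about 2^64 and a 96-bit prefix of a good hash gives about 2^48, exactly as if the hash had been 96 bits to begin with. The inputs ("doc-" plus a counter) are constructed.

```python
import hashlib
import math

# Added example, not code from either question. Truncating SHA-256 to t bits
# and counting how many distinct inputs it takes to hit a collision.


def truncated(data, bits):
    """First `bits` bits of SHA-256 as an int (bits is a multiple of 8 here)."""
    return int.from_bytes(hashlib.sha256(data).digest()[: bits // 8], "big")


def birthday_bound(bits):
    """Expected number of uniformly random t-bit outputs before the first collision:
    sqrt(pi/2 * 2^t)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits, label=b"doc-"):
    """Hash constructed inputs label||counter until two share a truncated digest.
    Returns (inputs hashed, first input, second input)."""
    seen = {}
    n = 0
    while True:
        m = label + str(n).encode()
        t = truncated(m, bits)
        if t in seen:
            return n + 1, seen[t], m
        seen[t] = m
        n += 1


def collision_cost_ratio(bits_a, bits_b):
    """How much harder collisions get when going from bits_a to bits_b: 2^((b-a)/2)."""
    return birthday_bound(bits_b) / birthday_bound(bits_a)


if __name__ == "__main__":
    for bits in (16, 24):
        count, a, b = find_collision(bits)
        print(f"{bits}-bit prefix: collision after {count} inputs "
              f"(expected about {birthday_bound(bits):.0f}): {a!r} vs {b!r}")
    print(f"128-bit identifier: about 2^{math.log2(birthday_bound(128)):.1f} documents")
```

The empirical counts land near the formula, and doubling the prefix length from 16 to 24 bits multiplies the cost by 16, not by 256. For the storage system in Max's question this means a 128-bit identifier derived from a good hash is safe against accidental collisions but only offers 64-bit work against a deliberate one; for Marcin's question it means an n-bit prefix of a secure hash behaves like an n-bit hash for collision and preimage purposes.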
14
votes
3 answers
What is the best way to put a backdoor in an encryption system?
How can you put a backdoor into an encryption algorithm? Are there any techniques that can be used to reduce the time it takes to break a key?
I am looking for practical examples of encryption schemes that have backdoors, because they were designed to…
Goose3gg
- 141
- 5
14
votes
1 answer
Why was ISO10126 Padding Withdrawn?
Wikipedia mentions ISO10126 Padding has been withdrawn, but doesn't say why. Also there were no news reports about this, as far as I can see.
Why was it withdrawn? Are there security flaws? Is there maybe a new version?
Dexter
- 637
- 1
- 6
- 10
14
votes
3 answers
How can I calculate the SHA-256 "midstate"?
Recently I've been trying to implement some Bitcoin-related code, and I've stumbled upon a weird concept, a SHA-256 "midstate". Some explanation is given here.
The general concept is that Bitcoin relies on performing SHA hashing of a 128 byte data…
ThePiachu
- 1,679
- 2
- 18
- 25
14
votes
3 answers
Entropy of two concatenated random values
In this Intel blog posting, the author claims:
The amount of work required to brute-force predict a random value that has n bits of entropy is $O(2^n)$. If you concatenate two values together, the entropy required to brute force the result becomes…
user13741
- 2,627
- 11
- 16
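An added example, not part of the question or of the Intel post it cites: a brute-force simulation that shows when the entropies of two concatenated values add and when they do not. Two independent 8-bit secrets (tiny by assumption, so the search finishes instantly) are combined; if the attacker can only test a hash of the concatenation, the search space is 2^16, but if each half can be checked on its own it collapses to 2^8 + 2^8. The secrets and hash construction are constructed.

```python
import hashlib
from itertools import product

# Added example, not code from the question. BITS and the secrets are tiny
# constructed values so the exhaustive searches run in well under a second.

BITS = 8
SECRET_A, SECRET_B = 200, 150      # constructed secrets, 2^8 possibilities each


def H(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()


def enc(v):
    return v.to_bytes(1, "big")


def brute_joint(target, bits=BITS):
    """Attacker only knows H(a || b): every (a, b) pair is a candidate,
    2^(2*bits) in the worst case. Returns (a, b, attempts)."""
    attempts = 0
    for a, b in product(range(2 ** bits), repeat=2):
        attempts += 1
        if H(enc(a), enc(b)) == target:
            return a, b, attempts
    return None


def brute_separable(target_a, target_b, bits=BITS):
    """Attacker can verify each half independently (H(a) and H(b) known):
    at most 2^bits + 2^bits tries, so the two entropies do not add."""
    attempts = 0
    found = []
    for target in (target_a, target_b):
        for x in range(2 ** bits):
            attempts += 1
            if H(enc(x)) == target:
                found.append(x)
                break
    return found[0], found[1], attempts


def worst_case(bits, separable):
    """Upper bound on attempts for two bits-wide halves."""
    return 2 * 2 ** bits if separable else 2 ** (2 * bits)


if __name__ == "__main__":
    print("joint:    ", brute_joint(H(enc(SECRET_A), enc(SECRET_B))))
    print("separable:", brute_separable(H(enc(SECRET_A)), H(enc(SECRET_B))))
    print("worst cases:", worst_case(BITS, False), "vs", worst_case(BITS, True))
```

The O(2^(n+m)) claim holds only when the attacker's test depends on both halves at once; a design that lets each half be confirmed separately (for example two independently checkable tokens glued together) gets O(2^n + 2^m), which is barely more than the larger half alone.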
14
votes
4 answers
Tactics available to help prove security of a new system?
I believe that the accepted tactic to "prove" a system as secure is to allow the crypto-community to review it and if no vulnerabilities are found over a long period of time (5 or 6 years), then a new system can be accepted as secure until proven…
Corey Ogburn
- 851
- 7
- 18