Most Popular
1500 questions
14 votes, 3 answers
In what way is XXTEA really vulnerable?
I'm looking at using the XXTEA algorithm to encrypt a small amount of data (say, less than 32KB) in the context of a software licensing algorithm. That is, we wish to make it difficult (not impossible) for our customers to forge (encrypted) license…
asked by John Sambrook (149 reputation; badges: 1, 4)
14 votes, 3 answers
Multiplicative inverse in $\operatorname{GF}(2^8)$?
I know how to do multiplication over ${\rm GF}(2^8)$:
uint8_t gmul(uint8_t a, uint8_t b)
{
    uint8_t p=0;
    uint8_t carry;
    int i;
    for(i=0;i<8;i++)
    {
        if(b & 1)
            p ^=a;
        carry = a & 0x80;
        a = a<<1;
        …
asked by Melvin (331 reputation; badges: 1, 3, 7)
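Added example for the GF(2^8) question above; this is not code from the question or from any answer. The question's C snippet is cut off before the reduction step and names no modulus, so the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b) is assumed here; any other irreducible degree-8 polynomial works the same way with a different `poly`. The block completes the multiply and then computes the inverse two ways: by exponentiation (a^254, since the nonzero elements form a group of order 255) and by extended Euclid over GF(2)[x].

```python
"""GF(2^8) multiplication and multiplicative inverse (added example)."""

AES_POLY = 0x11B  # assumption: AES's irreducible polynomial x^8+x^4+x^3+x+1


def gmul(a: int, b: int, poly: int = AES_POLY) -> int:
    """Shift-and-add product of two field elements, reduced as we go:
    whenever a << 1 carries out of bit 7, xor in the modulus."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= poly & 0xFF  # 0x1b: the x^8 term is the carry we just dropped
        b >>= 1
    return p


def clmul(x: int, y: int) -> int:
    """Carry-less product in GF(2)[x] without reduction (used by the Euclid route)."""
    out = 0
    while y:
        if y & 1:
            out ^= x
        x <<= 1
        y >>= 1
    return out


def inverse_by_power(a: int) -> int:
    """a^255 = 1 for nonzero a, so a^254 is the inverse (square-and-multiply)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gmul(result, base)
        base = gmul(base, base)
        e >>= 1
    return result


def inverse_by_egcd(a: int, poly: int = AES_POLY) -> int:
    """Extended Euclid over GF(2)[x]: keep r_i = s_i * a (mod poly) until r_i = 1,
    at which point s_i is the inverse. Polynomial division is shift-and-xor."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    deg = lambda v: v.bit_length() - 1
    r0, r1, s0, s1 = poly, a, 0, 1
    while r1 != 1:
        q, r = 0, r0
        while r and deg(r) >= deg(r1):  # long division of r0 by r1
            shift = deg(r) - deg(r1)
            q ^= 1 << shift
            r ^= r1 << shift
        r0, r1 = r1, r                  # r0 - q*r1 = r
        s0, s1 = s1, s0 ^ clmul(q, s1)  # s_i tracks r_i (degrees stay below 8)
    return s1


def all_inverses_consistent() -> bool:
    """Check every nonzero element: both methods agree and a * a^-1 == 1."""
    return all(
        inverse_by_power(a) == inverse_by_egcd(a) and gmul(a, inverse_by_power(a)) == 1
        for a in range(1, 256)
    )


if __name__ == "__main__":
    # FIPS-197 gives {53} * {ca} = {01} for this polynomial
    print(hex(inverse_by_egcd(0x53)), all_inverses_consistent())
```

For a fixed field like AES's, a 256-byte table built once with either routine is what implementations ship; the exponentiation route is the one to prefer when a constant-time inverse is needed, since its work does not depend on the input.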
14 votes, 1 answer
Coefficients in Shamir's Secret Sharing Scheme
Sorry if this is a stupid question, but: in Shamir's scheme, we construct a polynomial and make our secret $S$ the zero-th coefficient $a_0$. What, if anything, necessitates this - in other words, can we include $S$ as $a_1$ or any other…
asked by Chiffa (243 reputation; badges: 2, 6)
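Added example for the Shamir question above; this is not code from the question or from its answer. Assumptions: the field prime P, the threshold t, and the share x-coordinates are this example's own choices. The block shows the two things the question turns on: with t shares every coefficient of the degree-(t-1) polynomial is recoverable (so the secret could sit at a_1), but a_0 is the one that Lagrange interpolation at x = 0 reads off directly. It also shows the edge case that makes a_0 the safe default: with the secret at a_1 and t = 3, two shares whose x-coordinates sum to 0 mod P leak a_1 outright, because f(x) - f(-x) = 2 a_1 x.

```python
"""Shamir secret sharing with the secret at a chosen coefficient index (added example)."""
import secrets

P = 2**127 - 1  # assumption: a Mersenne prime; any prime larger than the secret works


def make_shares(secret, t, xs, secret_index=0):
    """Random polynomial of degree t-1 with a_{secret_index} = secret; returns [(x, f(x))]."""
    if not 0 <= secret_index < t:
        raise ValueError("secret must sit at one of the t coefficients")
    if len(set(x % P for x in xs)) != len(xs) or any(x % P == 0 for x in xs):
        raise ValueError("x-coordinates must be distinct and nonzero")
    coeffs = [secrets.randbelow(P) for _ in range(t)]
    coeffs[secret_index] = secret % P
    f = lambda x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in xs]


def recover_a0(shares):
    """Lagrange interpolation evaluated at x = 0: f(0) = a_0 falls out directly,
    with no other coefficient computed. This is why a_0 is the usual home."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover_coefficients(shares):
    """Gauss-Jordan elimination mod P on the t x t Vandermonde system V a = y.
    Returns [a_0, ..., a_{t-1}]: t shares fix every coefficient, so a secret
    stored at a_1 (or anywhere else) is recoverable as well."""
    t = len(shares)
    rows = [[pow(x, k, P) for k in range(t)] + [y] for x, y in shares]
    for col in range(t):
        piv = next(r for r in range(col, t) if rows[r][col])  # exists: distinct x's
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, P)
        rows[col] = [v * inv % P for v in rows[col]]
        for r in range(t):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(a - f * b) % P for a, b in zip(rows[r], rows[col])]
    return [row[t] for row in rows]


def a1_from_mirrored_pair(share_x, share_minus_x):
    """Edge case for t = 3 with the secret at a_1: shares at x and -x give
    f(x) - f(-x) = 2 a_1 x, so TWO shares (below threshold) recover a_1."""
    (x, y1), (_, y2) = share_x, share_minus_x
    return (y1 - y2) * pow(2 * x, -1, P) % P


if __name__ == "__main__":
    s = 0xCAFEBABE
    print(recover_a0(make_shares(s, 3, [1, 2, 3, 4, 5])[:3]) == s)
    shares = make_shares(s, 3, [1, P - 1, 2], secret_index=1)
    print(recover_coefficients(shares)[1] == s, a1_from_mirrored_pair(shares[0], shares[1]) == s)
```

With x-coordinates 1..n and a large P, no pair of x's can sum to 0 mod P, so the leak above cannot happen; it is the general statement (whether t-1 shares determine a_k depends on the x-coordinates when k > 0, and never does for k = 0) that makes a_0 the default rather than anything in the reconstruction step.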
14 votes, 1 answer
RSA-PSS salt size
One of the inputs of RSA-PSS signing and verification is the salt size. According to PKCS#1, you must know the salt size before the verification is carried out. However, this makes interoperability impossible: if, for example, I want my program to…
asked by Conrado (6,414 reputation; badges: 1, 29, 44)
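Added example for the RSA-PSS salt-size question above; this is not code from the question or from its answer. It implements the EMSA-PSS encoding and verification steps of PKCS#1 (RFC 8017, section 9.1) with SHA-256 and MGF1, and assumes emBits = 1023 as if for a 1024-bit modulus; the RSA operation itself is left out because the salt length lives entirely in this encoding layer. The point it shows: after unmasking DB, the verifier can locate the 0x01 separator and take whatever follows it as the salt, so the salt length is recovered from the signature rather than needing to be known in advance. A verifier that wants to enforce a policy (for example salt length equal to the hash length) can still compare the recovered length afterwards.

```python
"""EMSA-PSS encode/verify with salt-length recovery (added example)."""
import hashlib

EM_BITS = 1023  # assumption: modulus bit length minus one, as for a 1024-bit RSA key


def mgf1(seed: bytes, length: int, h=hashlib.sha256) -> bytes:
    """MGF1 mask generation: H(seed || counter) concatenated until `length` bytes."""
    out, counter = b"", 0
    while len(out) < length:
        out += h(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def emsa_pss_encode(m: bytes, salt: bytes, em_bits: int = EM_BITS, h=hashlib.sha256) -> bytes:
    """EM = maskedDB || H || 0xbc, where DB = PS || 0x01 || salt."""
    em_len = (em_bits + 7) // 8
    m_hash = h(m).digest()
    h_len = len(m_hash)
    if em_len < h_len + len(salt) + 2:
        raise ValueError("encoding error: salt too long for this modulus")
    H = h(b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - len(salt) - h_len - 2) + b"\x01" + salt
    db_mask = mgf1(H, em_len - h_len - 1, h)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)  # clear the leftmost unused bits
    return bytes(masked_db) + H + b"\xbc"


def emsa_pss_verify(m: bytes, em: bytes, em_bits: int = EM_BITS, h=hashlib.sha256):
    """Return the recovered salt length if EM is a valid encoding of m, else None.
    The salt length is not an input: it is whatever follows the 0x01 separator."""
    em_len = (em_bits + 7) // 8
    m_hash = h(m).digest()
    h_len = len(m_hash)
    if len(em) != em_len or em_len < h_len + 2 or em[-1] != 0xBC:
        return None
    masked_db, H = em[: em_len - h_len - 1], em[em_len - h_len - 1 : -1]
    top_bits = 8 * em_len - em_bits
    if masked_db[0] & ~(0xFF >> top_bits) & 0xFF:
        return None  # leftmost bits must be zero
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(H, em_len - h_len - 1, h)))
    db[0] &= 0xFF >> top_bits
    sep = db.find(b"\x01")  # DB = PS || 0x01 || salt: locate the separator
    if sep == -1 or any(db[:sep]):
        return None  # PS must be all zero bytes before the 0x01
    salt = bytes(db[sep + 1 :])
    if h(b"\x00" * 8 + m_hash + salt).digest() != H:
        return None
    return len(salt)


if __name__ == "__main__":
    msg = b"constructed sample message"
    for n in (0, 20, 32):
        em = emsa_pss_encode(msg, bytes(n))  # all-zero salt: constructed test input
        print(n, emsa_pss_verify(msg, em), emsa_pss_verify(msg + b"x", em))
```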
14 votes, 3 answers
Is it reasonable to assure that p-1 and q-1 aren't smooth?
I came across the requirement that, in RSA, $p-1$ and $q-1$ shouldn't be smooth, i.e. shouldn't consist of lots of small factors. Therefore my question:
How complicated is it to check whether $p-1$ is smooth? (And how is it done?)
Knowing the…
asked by Stefano Palazzo (578 reputation; badges: 5, 18)
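Added example for the smoothness question above; this is not code from the question or from any answer. The first function is the check itself: trial division of p-1 by every prime up to a bound B, which costs O(B) divisions and decides B-smoothness exactly (the cofactor left over is 1 if and only if p-1 is B-smooth). The second function shows why the requirement exists: stage-1 Pollard p-1, which factors n = pq whenever p-1 is B-smooth. The modulus 1009 * 1013 is constructed for the demonstration; 1008 = 2^4 * 3^2 * 7 is 7-smooth while 1012 = 2^2 * 11 * 23 is not, so the attack with B = 10 recovers exactly the prime 1009.

```python
"""B-smoothness check and stage-1 Pollard p-1 (added example)."""
import math


def smooth_part(n: int, bound: int):
    """Trial division by 2 and odd numbers up to `bound`.
    Returns (B-smooth part, cofactor); n is B-smooth iff the cofactor is 1."""
    smooth, rest, p = 1, n, 2
    while p <= bound and p * p <= rest:
        while rest % p == 0:
            rest //= p
            smooth *= p
        p += 1 if p == 2 else 2
    if 1 < rest <= bound:      # the leftover is a prime no larger than the bound
        smooth, rest = smooth * rest, 1
    return smooth, rest


def is_smooth(n: int, bound: int) -> bool:
    return smooth_part(n, bound)[1] == 1


def p_minus_1_ok(p: int, bound: int) -> bool:
    """The RSA-side check: p-1 must have a prime factor larger than `bound`."""
    return not is_smooth(p - 1, bound)


def pollard_p_minus_1(n: int, bound: int):
    """Compute a = 2^(2*3*...*B) mod n. If p-1 divides that exponent (true when
    p-1 is B-smooth and B! covers its prime powers), a = 1 mod p, so gcd(a-1, n)
    exposes p. Returns the factor found, or None."""
    a = 2
    for k in range(2, bound + 1):
        a = pow(a, k, n)
    g = math.gcd(a - 1, n)
    return g if 1 < g < n else None


# constructed demonstration modulus: 1009 * 1013, with 1009-1 = 1008 being 7-smooth
DEMO_N = 1009 * 1013

if __name__ == "__main__":
    print(smooth_part(1008, 7), smooth_part(1012, 7), smooth_part(1012, 23))
    print(p_minus_1_ok(1009, 10), p_minus_1_ok(1013, 10))
    print(pollard_p_minus_1(DEMO_N, 10))
```

Two practical notes. Trial division only answers "smooth up to B" for a B you can afford to enumerate (say 2^30), and a p-1 that resists Pollard's method with a bound of 2^30 is the relevant property, so the check is cheap; the complementary guarantee, that p-1 has a large prime factor, is usually obtained by construction (choosing p = 2kr + 1 with r a large prime) rather than by testing a random prime after the fact. And for primes of the sizes used today, a random p-1 is overwhelmingly unlikely to be smooth, which is why modern standards no longer insist on the construction.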
14 votes, 2 answers
Which crypto libraries/programs do we have the most confidence in?
I have recently begun studying crypto. If there's one thing I have learned, it's that we should not implement our own crypto. Therefore we should look to using existing software and libraries.
When I go to implement something that needs data security,…
asked by user9061 (149 reputation; badges: 1, 3)
14 votes, 1 answer
Bleichenbacher 1998 "Million message attack" on RSA
I have been reading Bleichenbacher's 1998 paper on a forged message attack on RSA. The paper assumes access to an Oracle that takes a ciphertext $c$ and will check the decrypted text for valid PKCS #1 padding and returns the validity of the padding.…
asked by Pankrates (593 reputation; badges: 1, 4, 13)
14 votes, 4 answers
Why try to get the key out of white box crypto? How can one protect WBC itself?
Help me understand the following. With WBC the question is mainly being stated as: can one try to break WBC to identify the key? My question is: Why would one ever want to do that anyway?
If one can locate the WBC itself it should be enough to…
asked by WBC (141 reputation; badges: 3)
14 votes, 5 answers
Boss insists on storing SHA2(p) || SHA3(p), claiming it "doubles security"
My friend in the software industry came to me with one of his "dumb boss" war stories. This particular time, his (non-technical but eager to learn) manager came to him and told him to, in the new app he was developing, not store SHA2(password +…
asked by squinged (143 reputation; badges: 1, 7)
14 votes, 5 answers
How to prove the security of the PRNG?
Are there any real tests or criteria that prove the security of the PRNG?
What kind of tests or criteria?
asked by NiceTheo (591 reputation; badges: 1, 5, 18)
14 votes, 5 answers
Does Grover's algorithm really threaten symmetric security proofs?
By Shannon's theorem of perfect security, if I give you a ciphertext 'LOUPL', you can do a brute-force attack and then you would find plaintexts like 'HELLO', 'APPLE', 'SPOON', but you can't distinguish the true plaintext from the fake one, unless…
asked by Victor Espinoza (171 reputation; badges: 1, 9)
14 votes, 2 answers
Difference between salted hash and keyed hashing?
A cryptographic salt is additional input other than the message itself for a hash function, so that it prevents an attacker from launching dictionary attacks. Usually the salt is stored along with the hash of, say, the password etc.
Keyed Hashing is secret…
asked by sashank (6,174 reputation; badges: 4, 32, 67)
14 votes, 1 answer
Reusing keys with AES-CBC
I heard that key/IV pairs must not be reused in AES-CTR, or when using any stream cipher for that matter. Yet the attacks described do not seem to apply to AES-CBC.
Is reusing the same key several times dangerous in AES-CBC mode? Does the use of a…
asked by user2398029 (523 reputation; badges: 3, 14)
14 votes, 1 answer
DSA vs. ElGamal vs. Schnorr
It has been well known for a long time that NSA played a primary role in the development of the Digital Signature Algorithm (DSA).
DSA is a sort of hybrid of the ElGamal and Schnorr signature schemes.
My question is this. Based on what we know now,…
asked by Nemo (1,377 reputation; badges: 1, 14, 18)
14 votes, 4 answers
How is the key shared in symmetric key cryptography?
Symmetric key cryptography is an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message.
Is the key public or is it secret? How can the sender and the receiver both…
asked by Aria (711 reputation; badges: 3, 9, 18)