Most Popular
1500 questions
13 votes, 2 answers
Is CPU timing jitter a usable entropy source?
In some virtualized environments, the only source of entropy available is CPU timing jitter. Can one get enough entropy from this source for practical uses? Also, is this secure against local side-channel attacks against unprivileged local…
Demi
- 4,793
- 1
- 19
- 39
13 votes, 1 answer
How is "post-quantum security" proven/shown?
Due to growing concerns over the threat of quantum computing to asymmetric cryptography (RSA, ECC, etc), a number of "quantum resistant" replacements have been proposed (SPHINCS, McBits, and many more). How are these cryptosystems proven (or…
Tim McLean
- 2,834
- 1
- 14
- 26
13 votes, 3 answers
Is it okay to use a hash of a timestamp as the IV for AES?
The message format includes a datetime field in the clear. Is it okay to also use this field (or some hash thereof) as the initialization vector?
In this case, CBC is the mode being used.
Ed Thomas
- 233
- 2
- 5
13 votes, 1 answer
When did Kerckhoffs's principle become fully accepted in design and practice of modern ciphers?
Kerckhoffs's principle is named after a publication over 130 years old. Yet it is still something that is commonly misunderstood and challenged by newcomers to cryptography. This question from Open Source Stack Exchange seems typical, and one answer…
Neil Slater
- 1,119
- 8
- 20
13 votes, 4 answers
Is it possible to get an RSA encryption key by comparing the unencrypted and encrypted file?
Exactly what the title says. If I have an RSA-encrypted file, and the exact same file but decrypted, can I tell the key that was used from that information?
aaro4130
- 141
- 1
- 1
- 4
13 votes, 3 answers
In the SHA hash algorithm, why is the message always padded?
In the SHA hash algorithm the message is always padded, even if it initially has the correct length without padding; the padding is of the form "1" followed by the necessary number of 0s.
Why is it necessary that the message always be padded?
hihello4
- 131
- 1
- 1
- 3
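An added example, not part of the question above, showing what the unconditional padding buys. It is a textbook SHA-256 written here for illustration (constants derived from the fractional parts of the square and cube roots of the first primes, as the standard specifies), with an `always_pad` switch so the hypothetical "skip padding when the length already fits" variant can be compared against the real one. Besides the 1-bit and the zeros the question mentions, the standard padding ends with the 64-bit message length; the demo shows that without unconditional padding, a message and its own padded form hash to the same value, a trivial second preimage.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF


def _primes(n):
    """First n primes (used only to derive the SHA-256 round constants)."""
    ps, c = [], 2
    while len(ps) < n:
        if all(c % p for p in ps):
            ps.append(c)
        c += 1
    return ps


def _icbrt(n):
    """Exact floor(cbrt(n)) for a non-negative int, by binary search."""
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


_P = _primes(64)
H0 = [math.isqrt(p << 64) & MASK for p in _P[:8]]   # frac bits of sqrt(p), p = 2..19
K = [_icbrt(p << 96) & MASK for p in _P]             # frac bits of cbrt(p), first 64 primes


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def sha256_pad(msg: bytes) -> bytes:
    """FIPS 180-4 padding: 0x80, then zeros, then the 64-bit big-endian bit length,
    bringing the total to a multiple of 64 bytes. Applied even when len(msg) % 64 == 0."""
    zeros = (55 - len(msg)) % 64
    return msg + b"\x80" + b"\x00" * zeros + struct.pack(">Q", len(msg) * 8)


def _compress(state, block):
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha256(msg: bytes, always_pad: bool = True) -> bytes:
    """SHA-256. always_pad=False models the hypothetical variant that leaves a
    block-aligned message unpadded; it is NOT the real algorithm."""
    data = msg if (not always_pad and len(msg) % 64 == 0) else sha256_pad(msg)
    state = list(H0)
    for off in range(0, len(data), 64):
        state = _compress(state, data[off:off + 64])
    return struct.pack(">8L", *state)


def padding_matters(msg: bytes = b"abc"):
    """Returns (real SHA-256 separates msg from pad(msg), no-pad variant collides)."""
    forged = sha256_pad(msg)          # 64 bytes: exactly one block, already 'aligned'
    real_differs = sha256(forged) != sha256(msg)
    variant_collides = sha256(forged, always_pad=False) == sha256(msg)
    return real_differs, variant_collides
```

The constructed message `sha256_pad(b"abc")` is what an attacker would submit: under real SHA-256 it receives its own padding block (carrying length 512 bits rather than 24), so it hashes to something unrelated; under the variant it is fed straight to the compression function and reproduces the digest of `"abc"`. The length field also serves Merkle–Damgård strengthening in the usual proofs, which is why the padding encodes it rather than just the stop bit.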
13 votes, 2 answers
Verifiably deterministic ECDSA signatures?
ECDSA signatures depend on parameter k that is chosen by the signer. As a result, there are many signatures for the same private key d and message m.
What I want to achieve is a deterministic signature. That is, given private key d and message m,…
Tony
- 173
- 1
- 6
13 votes, 2 answers
Where is the authentication tag stored in file encrypted using AES-GCM?
So I am using cryptopp to encrypt a file in a project and I am using AES-GCM.
I have a 256-bit key and a 128-bit ivec and a 128-bit tag that I use to encrypt files.
However, I want to know where the authentication tag is stored? I notice if I specify a…
Mo Beigi
- 245
- 1
- 4
- 9
13 votes, 3 answers
What is a Key Derivation Function?
From Wikipedia:
In cryptography, a key derivation function (or KDF) derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function.
Is there a…
RandomGuy
- 318
- 2
- 6
13 votes, 3 answers
How does the key schedule of Rijndael look for key sizes other than 128 bits?
It says in Wikipedia that:
[....] Rijndael can be specified with block and key sizes in any multiple of 32 bits, with a minimum of 128 bits. The blocksize has a maximum of 256 bits, but the keysize has no theoretical maximum.
How would the key…
goldroger
- 1,727
- 8
- 33
- 41
13 votes, 3 answers
What is the PRG period of stream ciphers such as RC4 or Salsa20?
I am confused about how long a stream cipher can be used before you should change the key. To be concrete, let me use the stream cipher based on RC4 as an example.
Let's say I want to encrypt a very long message. I pick a key with 128 bits and start…
rlandster
- 317
- 2
- 8
13 votes, 3 answers
What should be the size of a Diffie-Hellman private key?
I'm implementing the SRP-6 protocol, which relies on discrete logarithms for its security (essentially Diffie-Hellman).
The RFC documents state:
The private values $a$ and $b$ SHOULD be at least 256-bit random numbers, to give approximately 128…
Jim
- 133
- 1
- 1
- 4
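An added example, not part of the question above, illustrating where the "256 bits for roughly 128-bit security" rule comes from. Generic discrete-log attacks such as baby-step giant-step recover an exponent known to lie in a range of size $B$ in about $2\sqrt{B}$ group operations regardless of how large the prime is, so a private exponent must be twice the target security level. The code below is constructed for this page: it works in the group modulo the Mersenne prime $2^{61}-1$ (whose $p-1$ factorisation is listed so a true generator can be verified), picks a deliberately short private exponent, and recovers it. Scaling the work count to a 256-bit exponent gives the $2^{128}$ figure the RFC cites.

```python
import math

P = (1 << 61) - 1                      # Mersenne prime M61, used as the DH modulus here
P_MINUS_1_FACTORS = [2, 3, 3, 5, 5, 7, 11, 13, 31, 41, 61, 151, 331, 1321]
assert math.prod(P_MINUS_1_FACTORS) == P - 1   # self-check of the factorisation


def find_generator(p=P, factors=P_MINUS_1_FACTORS):
    """Smallest g of order exactly p-1: g^((p-1)/q) != 1 for every prime q | p-1.
    (2 is rejected: it has order 61 modulo 2^61-1.)"""
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in set(factors)):
            return g


def bsgs(g, h, p, bound):
    """Baby-step giant-step: find x in [0, bound) with g^x = h (mod p).
    Returns (x, group_operations_used); x is None if no such exponent exists."""
    m = math.isqrt(bound) + 1
    table = {}
    cur = 1
    for j in range(m):                   # baby steps: store g^j
        table.setdefault(cur, j)
        cur = cur * g % p
    giant = pow(g, -m, p)                # g^(-m), modular inverse via pow (Python 3.8+)
    gamma = h
    for i in range(m):                   # giant steps: h * g^(-i*m) until it hits a baby step
        if gamma in table:
            return i * m + table[gamma], 2 * m
        gamma = gamma * giant % p
    return None, 2 * m


def recover_short_exponent(exponent_bits=32):
    """Model a DH party that chose a private exponent of only `exponent_bits` bits
    in a 61-bit group; returns (true a, recovered a, ops used, sqrt(bound))."""
    g = find_generator()
    bound = 1 << exponent_bits
    a = 0xDEADBEEF % bound               # constructed private exponent, fixed for repeatability
    A = pow(g, a, P)                     # the public value an eavesdropper sees
    x, ops = bsgs(g, A, P, bound)
    return a, x, ops, math.isqrt(bound)


def attack_cost_bits(exponent_bits):
    """Log2 of the generic attack cost for an exponent of the given size: half its length.
    A 256-bit exponent therefore yields about 128-bit security against these attacks."""
    return exponent_bits // 2
```

With a 32-bit exponent the attack takes about $2^{17}$ multiplications and finishes instantly, even though the modulus is 61 bits; the bound on the exponent, not the size of $p$, sets the cost. This is the generic (group-structure-agnostic) attack; index-calculus methods against the field itself are a separate reason the modulus must be much larger than the exponent.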
13 votes, 6 answers
Cryptography vs Security
This may sound a little bit basic but here it goes…
Which of the following is correct?
“Cryptography is under the security field”, or
“Security is under the cryptography field?”
Cryptography is all about encryption and decryption.…
Giliweed
- 597
- 1
- 5
- 16
13 votes, 1 answer
How does Truecrypt change password without the need for a complete re-encryption of volume
From what I understand:
- TrueCrypt takes the password as the message
- adds salt
- calculates a digest
- uses the digest for encryption
From what I understand, a good hash function has second pre-image resistance, i.e. it is difficult to find $m_2$ such that…
aiao
- 233
- 1
- 2
- 5
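An added example, not part of the question above, of the design that makes a password change cheap: the password-derived key never encrypts the volume directly. It encrypts a random master key stored in the volume header, and the master key encrypts the data, so changing the password means re-wrapping 32 bytes of header and leaving the body untouched (this header/master-key split is how TrueCrypt volumes are organised, though its actual header layout, ciphers and iteration counts differ from what follows). The cipher here is a stand-in constructed for the illustration: an HMAC-SHA256 counter-mode keystream with an HMAC tag, chosen so the snippet runs on the standard library alone; `header_key`, `seal`, `open_` and the 64-byte salt are names and parameters of this example, not TrueCrypt's.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN, SALT_LEN = 16, 32, 64


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(key, nonce || counter) blocks, truncated to n bytes."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce. The tag input carries a 'tag' prefix and
    the whole ciphertext, so it cannot collide with a keystream block input (nonce || counter)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong password or corrupted header")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def header_key(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """Password + salt -> header key via PBKDF2-HMAC-SHA256. The digest the question
    describes is this key; it only ever encrypts the master key, never the volume."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def create_volume(password: bytes, data: bytes):
    """Returns (header, body). header = salt || seal(header_key, master); body = seal(master, data)."""
    master = os.urandom(32)
    salt = os.urandom(SALT_LEN)
    header = salt + seal(header_key(password, salt), master)
    return header, seal(master, data)


def unlock(password: bytes, header: bytes) -> bytes:
    """Recover the master key from the header; raises on a wrong password."""
    salt, wrapped = header[:SALT_LEN], header[SALT_LEN:]
    return open_(header_key(password, salt), wrapped)


def change_password(old: bytes, new: bytes, header: bytes) -> bytes:
    """Re-wrap the same master key under a key derived from the new password and a new salt.
    Only the header is rewritten; the volume body is never read or re-encrypted."""
    master = unlock(old, header)
    salt = os.urandom(SALT_LEN)
    return salt + seal(header_key(new, salt), master)


def demo(data: bytes = b"volume contents") -> bytes:
    header, body = create_volume(b"old password", data)
    new_header = change_password(b"old password", b"new password", header)
    return open_(unlock(b"new password", new_header), body)   # same body, new header
```

Because the master key is random and independent of the password, second pre-image resistance of the password hash is not what protects the data: an attacker who learns the old password-derived key after a change still only has a key for a header that no longer exists, and the volume key itself never changed. That is also the reason a volume should be re-keyed (re-encrypted) rather than merely re-passworded if the master key itself is suspected to be compromised.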
13 votes, 1 answer
Can a homomorphic encryption scheme be made CCA2 Secure?
Is it possible to modify a homomorphic encryption scheme so that it can be CCA2 secure?
From the definition of a homomorphic scheme, it seems that it is malleable, which would result in lack of CCA2 security. So, if we use the regular method to…
Misty
- 133
- 1
- 4