13
votes
1 answer

Diffie-Hellman Parameter Check: when g = 2, must p ≡ 11 (mod 24)?

I'm adding some Diffie-Hellman groups to a program as specified in RFC 3526, More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). When I test some of the group parameters per OpenSSL's DH_check, a result is returned…
user10496
13
votes
1 answer

Difference between CBC-MAC and CMAC

According to Wikipedia, CMAC is based on a variation of CBC-MAC and fixes some security deficiencies in it. However, I could not find a simple and clear explanation of what the differences between the two algorithms actually are, so I thought I'd…
enigma
13
votes
2 answers

At what stage is DHE and RSA used during the SSL/TLS handshake?

At what stage of the SSL/TLS handshake is the DHE and RSA used and what is the purpose of using a pre-master secret when you could just use RSA to exchange the symmetric key (i.e. AES) for further communications. I am confused how DHE, AES and RSA…
Ali Gajani
13
votes
1 answer

Why does OpenSSL append extra bytes when encrypting with aes-128-ecb?

Plaintext: Attack at dawn!! Hex: 41747461636b206174206461776e2121 Key: abcdefghijklmnop Hex: 6162636465666768696a6b6c6d6e6f70) Through calculations done both by hand and with various sites online, the result should…
k_sel
13
votes
3 answers

What happens to entropy after hashing?

What happens to entropy after hashing? Suppose you have a key with entropy $k$. Can entropy $k$ be increased by hashing the key?
user10988
13
votes
1 answer

Difference between Pedersen commitment and commitment based on ElGamal

Do any of you know what the difference is between the Pedersen commitment and the commitment that uses the ElGamal encryption scheme? For the sake of completeness, I recall what both of them look like. Given two public and large primes $p$ and…
LRM
13
votes
1 answer

Difference between computational and statistical indistinguishabilities

What is the difference between the two notions of computational and statistical indistinguishability?
Dingo13
13
votes
2 answers

Has Threefish successfully been attacked (practically or theoretically)?

Reading Schneier's "The Doghouse: Crypteto" dated September 30, 2009, I noticed Bruce Schneier stating: Threefish, the block cipher inside Skein, encrypts data at 7.6 clock cycles/byte with a 256-bit key, 6.1 clock cycles/byte with a 512-bit key,…
Trina
13
votes
1 answer

How to choose constants in a cryptographic function?

A number of cryptographic functions have constants built in. For example, the constants used in RFC 2104 for HMAC, or the constants used in s-boxes (e.g., DES and AES), or MD5. In general, how are constants such as these generated so as not to…
mikeazo
13
votes
1 answer

Security considerations on "expand 32-byte k"-magic number in the Salsa20 family of stream ciphers?

I'm currently examining the NaCl library written by Daniel J. Bernstein and I noticed that the library hard codes the sigma: static const unsigned char sigma[16] = "expand 32-byte k"; In all the salsa stream…
Pascal
13
votes
2 answers

What can make an implementation of a large integer library unsafe for cryptography

Unfortunately, I don't have any references, but I remember people mentioning that some large integer libraries can be unsafe to use for writing cryptographic algorithms such as the RSA. That made me curious if anyone knows of any examples of…
Keen
13
votes
1 answer

Is the first version of the Message-Digest algorithm by Ronald Rivest publicly available?

Diving into the history and evolution of the Message-Digest algorithm by Ronald Rivest, I have been able to track back papers from MD6 down to MD2. Yet, somehow I can not seem to be able to find any papers, specifications or even the slightest…
e-sushi
12
votes
1 answer

Current Consensus on Security of Lattice Based Cryptography?

In an edit to an answer by user forest, it was mentioned that there has been a new attack developed for lattice-based cryptography. I thought lattice-based cryptography is a fairly well established way of providing quantum-computing-proof security,…
Steven Sagona
12
votes
1 answer

What signature schemes allow recovering the public key from a signature?

It seems to be possible to retrieve the (public) key used for creating an ECDSA signature just from the signature alone. This seems like an interesting property; as far as I know, RSA doesn't share it. Depending on the application, this can both be…
lxgr
12
votes
1 answer

Technical details of attack on Android bitcoin usage of SecureRandom

Reports are surfacing that Android's Java SecureRandom class has issues and isn't totally secure. A specific example of how this issue translates to applications is bitcoin, where reports are stating that the bitcoin wallet is at risk of theft. With…
makerofthings7