Most Popular

12 votes · 1 answer

How to determine the multiplicative inverse modulo 64 (or other power of two)?

I am trying to determine the multiplicative inverse of $47$ modulo $64$. So I have looked for an algorithm or scheme in order to perform this. I found this wiki explaining how to find a multiplicative inverse. I tried to perform all the…
user3834282
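Added example (not from the question above or its answers): two ways to compute the inverse asked about, $47^{-1} \bmod 64$. The extended Euclidean algorithm works for any modulus; the Newton (Hensel-lifting) iteration is specific to powers of two and is what implementations use for inverses mod $2^{32}$ or $2^{64}$, because every odd $a$ satisfies $a^2 \equiv 1 \pmod 8$ and each step doubles the number of correct low bits. Function names are the example's own.

```python
def egcd_inverse(a: int, m: int) -> int:
    """Inverse of a modulo m by the extended Euclidean algorithm (any modulus).
    Invariant: old_s * a == old_r (mod m) and s * a == r (mod m)."""
    old_r, r = a % m, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd is {old_r}")
    return old_s % m


def inverse_mod_pow2(a: int, k: int) -> int:
    """Inverse of odd a modulo 2**k by Newton iteration x <- x * (2 - a*x).
    x = a is already correct modulo 8 (a*a == 1 mod 8 for every odd a);
    each iteration doubles the number of correct low bits (Hensel lifting),
    so ceil(log2(k/3)) iterations suffice: 1 for k=6, 5 for k=64."""
    if a % 2 == 0:
        raise ValueError("even numbers have no inverse modulo a power of two")
    mask = (1 << k) - 1
    x = a & mask           # correct modulo 8
    bits = 3
    while bits < k:
        x = (x * (2 - a * x)) & mask
        bits *= 2
    return x


def check_inverse(a: int, k: int) -> bool:
    """Both methods agree and the product really is 1 modulo 2**k."""
    m = 1 << k
    x = inverse_mod_pow2(a, k)
    return x == egcd_inverse(a, m) and (a * x) % m == 1


if __name__ == "__main__":
    # 47 * 15 = 705 = 11 * 64 + 1
    print(inverse_mod_pow2(47, 6), egcd_inverse(47, 64))
```

The Newton form is also the one to prefer in constant-time code: its loop count depends only on $k$, not on the value of $a$, whereas the Euclidean loop length is data-dependent.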
12 votes · 1 answer

Why does KangarooTwelve only use 12 rounds?

The initial Keccak submission used 18 rounds, which was bumped up to 24 rounds for the final version after distinguishers were found for a reduced 16 round variant. However, the Keccak team has recently released a spate of cryptographic primitives…
Indolering
12 votes · 2 answers

Are common (secure) stream ciphers CCA1-secure?

My latest question and especially Ricky Demer's comment on the answer got me thinking: This homomorphic transformation of RSA is most likely IND-CPA and maybe even IND-CCA1, but if it could be IND-CCA1, so could be a stream cipher in theory. This is…
SEJPM
12 votes · 2 answers

Can elliptic curve cryptography encrypt with public key and decrypt with private key like RSA?

I know that RSA can be used for both encryption and signature. What about EC? I know about ECDSA/EdDSA, but to my knowledge it can only be used to sign. I also know about ECDH, but it is a key agreement protocol. Is there some elliptic curve based…
Eric
12 votes · 1 answer

Encrypting bcrypt hashes

I've been asked by a client to give some advice on hashing and as it isn't my area I'm looking for someone who knows what they are talking about. The client is hashing 4-6 digit PINs (mostly 4 digit) with bcrypt, they have the work factor set as…
Robin
12 votes · 1 answer

What is a safe maximum message size limit when encrypting files to disk with AES-GCM before the need to re-generate the key or NONCE

The general limits from the NIST recommendation are as follows: Maximum Encrypted Plaintext Size ≤ $2^{39} - 256$ bits; Maximum Processed Additional Authenticated Data ≤ $2^{64} - 1$ bits; This stack overflow answer…
Stan Ivanov
12 votes · 1 answer

RSA with 3 primes

I was trying to understand how RSA with 3 primes works. I have checked Wikipedia but I still didn't fully understand their solution. I would like to know how you encrypt for $n=p*q*r$, how you decrypt for it, and why it is still proven to…
Jeremy Shiklov
12 votes · 3 answers

Does AES-NI offer better side-channel protection compared to AES in software?

Does AES-NI offer better side-channel protection compared to AES in software? Also, it would be great if you could provide references in your answer.
RJL
12 votes · 2 answers

Checksum vs. non-cryptographic hash

What are the differences between checksums (e.g. Fletcher, Adler, CRC), non-cryptographic hashes (e.g. xxHash, MurmurHash, CityHash) and cryptographic hashes (e.g. MD5, SHA1, SHA3)? I am familiar with checksums and how they're used to detect errors…
bryc
12 votes · 2 answers

Chosen Plaintext attack on AES in ECB mode

I am familiar with the following method for a chosen-plaintext injection attack on ECB ciphers, where I am allowed to append a block of bytes to the packet being encrypted: I inject a string with known bytes one less than the blocksize and try…
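Added example, not part of the question above or its answers: the byte-at-a-time attack the question describes, run end to end against a constructed oracle. The oracle is the vulnerable pattern `ECB(attacker_input || secret_suffix)`; the attacker pads the input so that exactly one unknown byte lands in the last position of a block, then tries all 256 values for that position and compares ciphertext blocks. To stay offline and dependency-free the block function is a keyed SHA-256 truncation standing in for AES (an assumption of this example); the attack never needs to decrypt, and ECB's weakness is per-block determinism, so nothing about it changes with a real AES block. Key, suffix and function names are constructed.

```python
import hashlib

BLOCK = 16  # AES block size; the block function below is a stand-in for AES


def _pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES (assumption): any keyed, deterministic 16-byte to
    # 16-byte map reproduces the ECB leak, which is what the attack exploits.
    return hashlib.sha256(key + block).digest()[:BLOCK]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is encrypted independently, so equal plaintext blocks
    give equal ciphertext blocks."""
    padded = _pkcs7_pad(plaintext)
    return b"".join(_toy_block_encrypt(key, padded[i:i + BLOCK])
                    for i in range(0, len(padded), BLOCK))


# Constructed secrets; the attacker sees neither.
SECRET_KEY = b"constructed-demo-key"
SECRET_SUFFIX = b"account=alice;role=admin;"


def oracle(attacker_input: bytes) -> bytes:
    """The vulnerable service: encrypts attacker-chosen bytes followed by a
    secret suffix under ECB."""
    return ecb_encrypt(SECRET_KEY, attacker_input + SECRET_SUFFIX)


def suffix_length(oracle) -> int:
    """Grow the attacker input one byte at a time; the ciphertext gains a
    block exactly when input + suffix fills whole blocks, which gives the
    suffix length without knowing any of its bytes."""
    base = len(oracle(b""))
    i = 1
    while len(oracle(b"A" * i)) == base:
        i += 1
    return base - i


def recover_suffix(oracle) -> bytes:
    """Byte-at-a-time recovery: for the k-th unknown byte, choose a prefix
    that puts it in the last position of block k // BLOCK, then find the
    candidate byte whose block encrypts to the same ciphertext block."""
    known = b""
    total = suffix_length(oracle)
    while len(known) < total:
        k = len(known)
        prefix = b"A" * (BLOCK - 1 - k % BLOCK)   # aligns the next unknown byte
        target = k // BLOCK
        sl = slice(target * BLOCK, (target + 1) * BLOCK)
        want = oracle(prefix)[sl]                 # block containing the unknown byte
        for c in range(256):
            if oracle(prefix + known + bytes([c]))[sl] == want:
                known += bytes([c])
                break
        else:
            raise RuntimeError("no candidate matched; not a byte-at-a-time ECB oracle")
    return known


if __name__ == "__main__":
    print(recover_suffix(oracle))
```

Each recovered byte costs at most 256 oracle queries, so a 25-byte suffix falls in under 6,500 queries. Any mode whose ciphertext block depends only on the corresponding plaintext block (ECB, or CBC with a predictable IV) has the same problem; a nonce-respecting authenticated mode does not.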
12 votes · 4 answers

RSA private key integrity check

I am working on a device whose OS provides an RSA Private primitive, where the inputs are the message, and the usual components of a private key. Unfortunately it is bugged so that in some cases of supplying garbage for the private key, the device…
M.M
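Added example serving both the "RSA with 3 primes" question and the "RSA private key integrity check" question above; it is not code from either question or their answers. It builds a multi-prime RSA key for $n = p \cdot q \cdot r$ with $d = e^{-1} \bmod \operatorname{lcm}(p-1, q-1, r-1)$, decrypts with one small exponentiation per prime plus CRT recombination (the reason extra primes speed up decryption), and runs the consistency checks one should apply before feeding key components to a primitive that does not validate them: primes are prime and distinct, their product is $n$, $e d \equiv 1$ modulo the Carmichael value, and a known message round-trips. The three small primes and the test message are constructed for illustration, far too small for real use.

```python
import math


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; this fixed base set is deterministic for n < 3.4e14."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in (2, 3, 5, 7, 11, 13, 17):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _lcm(*xs: int) -> int:
    out = 1
    for x in xs:
        out = out * x // math.gcd(out, x)
    return out


def keygen(primes, e: int = 65537) -> dict:
    """Multi-prime RSA: n is the product of distinct primes and
    d = e^-1 mod lcm(p_i - 1); nothing else changes from two-prime RSA."""
    n = math.prod(primes)
    lam = _lcm(*(p - 1 for p in primes))
    d = pow(e, -1, lam)  # raises ValueError if gcd(e, lam) != 1
    return {"n": n, "e": e, "d": d, "primes": tuple(primes)}


def encrypt(key: dict, m: int) -> int:
    return pow(m, key["e"], key["n"])


def decrypt_crt(key: dict, c: int) -> int:
    """Decrypt with one exponentiation modulo each prime (exponent reduced
    to d mod (p-1)), then recombine the partial results with the CRT."""
    n, d = key["n"], key["d"]
    m = 0
    for p in key["primes"]:
        m_p = pow(c % p, d % (p - 1), p)           # result modulo this prime
        n_p = n // p                                # product of the other primes
        m = (m + m_p * n_p * pow(n_p, -1, p)) % n   # CRT recombination term
    return m


def check_private_key(key: dict, probe: int = 0x1234) -> list:
    """Return the inconsistencies found in a private key (empty list = OK).
    Garbage components fail here instead of inside an unvalidated primitive."""
    problems = []
    primes = key["primes"]
    if len(set(primes)) != len(primes):
        problems.append("repeated prime")
    for p in primes:
        if not is_probable_prime(p):
            problems.append(f"{p} is not prime")
    if math.prod(primes) != key["n"]:
        problems.append("n is not the product of the primes")
    lam = _lcm(*(p - 1 for p in primes))
    if key["e"] * key["d"] % lam != 1:
        problems.append("e*d != 1 mod lcm(p_i - 1)")
    try:
        if probe >= key["n"] or decrypt_crt(key, encrypt(key, probe)) != probe:
            problems.append("encrypt/decrypt round trip failed")
    except (ValueError, ZeroDivisionError):
        problems.append("CRT recombination failed (non-invertible component)")
    return problems


if __name__ == "__main__":
    key = keygen((1009, 1013, 1019))                # constructed toy primes
    c = encrypt(key, 123456789)
    print(decrypt_crt(key, c), check_private_key(key))
```

The round-trip probe is the cheap catch-all: a corrupted $d$, a wrong prime or a swapped component all show up as a decryption that does not return the probe, and doing it once at key-load time costs one encryption plus one decryption. Checking $e d \equiv 1 \pmod{\lambda(n)}$ separately is still worthwhile because it pinpoints which component is wrong.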
12 votes · 2 answers

Should I use HMAC or KMAC for SHA3?

I am planning to implement a MAC function for SHA3. I read that its latest variant is KMAC. I am confused by the comments on the http://keccak.noekeon.org/ website. It says... Unlike SHA-1 and SHA-2, Keccak does not have the length-extension…
ajith
12 votes · 1 answer

Why doesn't Wang's attack work on SHA-1?

Wang et al.'s differential attack works on MD5, MD4, RIPEMD and HAVAL. Why doesn't it work on SHA-1?
Peppina
12 votes · 1 answer

Does SHA-512 leak info about SHA-256?

Does the SHA-512 value of an input leak any information about the SHA-256 value of that same input? Specifically, if I'm using SHA-512 to derive encryption and HMAC keys from a 256 bit ECDH shared secret (by splitting it into two 256 bit chunks),…
Chris
12 votes · 3 answers

Is the number of creatable torrents limited?

Currently, a magnet link containing a 40-hex-digit SHA hash value is assigned to every torrent that is created. Therefore, this hash should be unique, to identify a torrent and send the right bytes (packages) to the right people. So therefore,…
MechMK1