Most Popular

1500 questions
12 votes, 3 answers

Is deriving the IV from the password secure?

I came across an encryption scheme to encrypt files with AES-256. You can see the initialization of the decryption routine below: salt = scrambled_file.read(16) key_and_iv = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 50000, 48,…
Jonas
  • 223
  • 2
  • 5
12 votes, 2 answers

Prove that you have $K$ bytes of memory

Alice has bought a brand new hard disk, $K$ (with $K \sim 10^{12}$) bytes in size. She is very happy about her purchase, and tells Bob about it. Bob claims he also bought a $K$ bytes hard disk. Alice doesn't really trust Bob on this, so she asks him…
Matteo Monti
  • 1,407
  • 2
  • 14
  • 19
12 votes, 2 answers

Why is a CSR signed and which key is used for signing?

I know that a CSR includes a public key from which a signed certificate shall be generated. But why is the CSR itself signed and which key is typically used? For signing I need a private key, so the user of the CSR's signature must have the…
MichaelW
  • 1,497
  • 1
  • 11
  • 24
12 votes, 1 answer

Encoding vs. Compression vs. Encryption

In what ways does encryption differ from proprietary/secret compression schemes and codecs?
ProductionValues
  • 221
  • 1
  • 2
  • 3
12 votes, 1 answer

Minimalist memory-hard function?

What would be a minimalist memory-hard function, reasonably conjecturable to require $\approx2^k$ bits of memory per running evaluation, $k\approx32$; require $\approx2^n$ R/W accesses to $2^w$-bit words per evaluation, $w\approx6$ (likely $n\ge…
fgrieu
  • 140,762
  • 12
  • 307
  • 587
12 votes, 2 answers

How can we distribute Shamir's secret sharing scheme shares without a dealer?

Let's say $k$ users have shares to a $(k,n)$ secret sharing scheme, and they want to issue new shares. How can they do this without collecting the shares together? In particular, no set of $k-1$ users (including the new users) should be able to…
Christopher King
  • 819
  • 5
  • 19
12 votes, 2 answers

Definitions of secrecy

I found terms like "forward secrecy", "future secrecy", "backwards secrecy" and "perfect forward secrecy" and I would like to know their definitions and to understand the differences among them. I found several confusing definitions online,…
M-elman
  • 1,248
  • 3
  • 15
  • 24
12 votes, 3 answers

Which algorithms are used to factorize large integers?

Even if RSA decided to cancel the Factoring Challenge, it seems that some teams keep working on it. According to Wikipedia, RSA-768 has been factored in late 2009. What are the current large integer factorization algorithms and what the mathematical…
Jcs
  • 511
  • 1
  • 7
  • 12
12 votes, 1 answer

Does changing the order of the steps within a round affect the security of AES?

I was trying to understand the internal structure of AES (Advanced Encryption Standard). The standard order of steps within a round: Substitute Bytes, Shift Rows, Mix Columns, Add Round Key. Substitute Bytes, Shift Rows & Mix Columns satisfy the two…
Atinesh
  • 257
  • 2
  • 8
12 votes, 3 answers

In the Quadratic Sieve, why restrict the factor base?

In the Quadratic Sieve, when factoring a number $N$, many descriptions and most implementations select as the factor base the set of small primes $p_j$ less than some bound $B$ restricted to having Legendre symbol $\left({N\over p_j}\right)=+1$. Why…
fgrieu
  • 140,762
  • 12
  • 307
  • 587
12 votes, 1 answer

Why can an elliptic curve private key be 1?

I often see in papers (e.g. this one) that for an elliptic curve with generator point $G$ and order $n$ the private key $d$ can take on any integer value in the range $[1, n)$. When $d = 1$ the corresponding public key $Q = dG$ is of course then…
puzzlepalace
  • 4,042
  • 1
  • 19
  • 44
12 votes, 4 answers

Do I need to worry about timing attacks in Base64 encoding/decoding of private keys?

Do I need to worry about timing attacks in Base64 encoding/decoding of private keys? This is a common operation (ex. PEM keys) and is variable time in typical implementations.
Demi
  • 4,793
  • 1
  • 19
  • 39
12 votes, 2 answers

What is the difference between PBE and symmetric key encryption?

What is the difference between PBE (password based encryption) and symmetric-key algorithms? My understanding is that symmetric-key algorithms like AES and Twofish are used in PBE. Hence PBE is just a technique which employs symmetric-key…
Rahul Khimasia
  • 223
  • 1
  • 3
  • 8
12 votes, 1 answer

On Linux, does /dev/random unblocking imply that /dev/urandom is seeded?

Linux has the familiar problem that /dev/random blocks too much (insisting on being information-theoretically secure), while /dev/urandom doesn't block enough (it will return data before it's been adequately seeded). The new getrandom() system call…
Daniel Franke
  • 361
  • 1
  • 11
12 votes, 1 answer

Why is x00 usually avoided in salt?

In .NET Framework, there is a cryptographic Random Number Generator (RNG) provider which makes it possible to generate a cryptographically strong sequence of random bytes. This provider contains, among others, two methods: GetBytes, which generates a sequence…