Most Popular
1500 questions
12
votes
2 answers
Distribution of hash values
I was wondering if the uniform distribution of hash values is a generally required criterion for cryptographic hash functions.
The English Wikipedia article only mentions four main properties. But it looks like the commonly used algorithms show a…
masinger
12
votes
1 answer
How does the index of coincidence work in the Kasiski test?
I'm starting to learn about cryptanalysis and I am having a bit of difficulty understanding the Kasiski test's index of coincidence. I have a book (Cryptography Theory And Practice by Douglas Stinson) about it that I'm going through, but it seems to…
norman
12
votes
5 answers
Is an Android encrypted SD card readable/decryptable easily by a desktop machine?
If I encrypt my SD card on my Android phone using the built-in encryption software, and my phone dies for whatever reason, would I be able to easily access that data later on my desktops [OS X, Windows and Linux] just by using the PIN/password?
McGafter
12
votes
4 answers
Why should the RSA private exponent have the same size as the modulus?
Consider the generation of an RSA key pair with a given modulus size $n$ and a known, small public exponent $e$ (typically $e = 3$ or $e = 65537$). A common method is to generate two random prime numbers of size $n/2$ (or very close), and check at…
Gilles 'SO- stop being evil'
12
votes
3 answers
What is the difference between SHA-3 (Keccak) and previous generation SHA algorithms?
SHA-1 and SHA-2 share the same structure and mathematical operation as their predecessors - SHA-0 and MD5. Both SHA-0 and MD5 have been broken. This is one of the main reasons why SHA-1 is considered insecure and is being phased out for SHA-2.
NIST…
prakharjain
12
votes
3 answers
Are there reasonably secure online voting implementations e.g. for student council elections?
Assume a university wants to elect the student council. This was done via paper ballot and there is a need to reach more students for voting, so electronic voting is on the table.
While researching existing solutions I came across Helios: helios…
kei1aeh5quahQu4U
12
votes
1 answer
Hash function from narrower block cipher operated in CBC-encryption mode?
I am trying to build a public hash function (thus collision-resistant and preimage-resistant, and more generally behaving like a random oracle), with input a message $M$ of fixed size $|M|=m\cdot b$ bits, and output the hash $H(M)$ of fixed size…
fgrieu
12
votes
5 answers
Two different keys decrypting same content
Is there some generally available algorithm which will encrypt a short string and generate two unique keys so that any of the two can be used to decrypt the message again? It doesn't have to be "super secure".
Bishonen_PL
12
votes
5 answers
What is the most secure ECC Curve?
I have for a while used a Koblitz curve (sect571k1) in ECDH and ECDSA. But I have started to wonder if it is the most secure. I prefer security over efficiency. So the curve doesn't have to be the most efficient curve.
I'm not looking for a curve that…
BufferOverflow
12
votes
3 answers
AES Inverse Key Schedule
I have a 128-bit input-block and the corresponding cipher-block given.
Additionally I have the last round-key given.
Is it now possible to get (calculate) the associated cipher-key? I already implemented the normal key-schedule with the rcon to…
Tom
12
votes
2 answers
Is it possible to recover an RSA modulus from its signatures?
Let's say that you have some small number of RSA signatures of known data: you know some pairs $(m_k, c_k)$ such that ${c_k}^e \equiv m_k \pmod n$. If you know $e$, because probably it's one of $\{3, 17, 65537\}$, is it possible to recover $n$?
Myria
12
votes
1 answer
What Diffie-Hellman parameters should I use?
After reading this article, I started wondering how should I approach the problem of choosing p and g params in 1024-bit Diffie-Hellman key exchange.
In my project, I am going to establish keys between many users. Should I create different p and g…
michnovka
12
votes
5 answers
Are there any simple and yet secure encryption algorithms?
Being very new to C++ and cryptography, I finally managed to implement a version of the Vigenère algorithm. I would like to try something a bit more complicated. I have looked at AES and DES and others like them, but I was wondering if there is…
Thomas
12
votes
2 answers
How does the simulator of the special-honest verifier zero-knowledge property work?
I’m a bit confused about what the simulator of the special-honest verifier zero-knowledge property of a $\Sigma$-protocol is supposed/allowed to do and how to prove that it is indeed efficient (i.e. it runs in a time polynomial in the security…
LRM
12
votes
1 answer
Why isn't outputting only a portion of the hash state a simple defense against length extension attacks?
As I understand length extension attacks, they depend on the coincidental property of most cryptographic hash functions that the hash value is exactly the hash function state after hashing the last block of data. This enables an attacker to…
sehrgut