Most Popular
1500 questions
12 votes, 1 answer
Deterministic nonces in CTR mode
I want to encrypt a file with AES in CTR mode. I have a 256 bit master key and the file. Given these, the encryption must be deterministic, so I can't use a random nonce in the usual way. Fortunately the master key will be unique¹.
My original plan…
CodesInChaos
12 votes, 2 answers
What are advantages of using a HMAC over RSA with SHA-1 hashes?
I am currently studying for an exam and this was a previous question:
Give one advantage of using HMACs over using RSA to sign SHA-1 hashes.
My thoughts are that it has something to do with the fact that HMAC assumes a private key has already been…
Shane
12 votes, 1 answer
Why does a broken hash function undermine an HMAC?
For instance, what makes MD4 a bad choice for an HMAC? In this case I am asking about MD4 because it's less than ideal. I know that a preimage attack can be used to undermine the system, but why? What is the attacker calculating?
Rook
12 votes, 4 answers
Does encrypting twice using the same block cipher produce a security weakness?
If I use the output of a cipher, for example a block cipher such as AES and encrypt it again with the same algorithm, I read that this introduces weaknesses into the overall security of the system.
Is this the case?
rezx
12 votes, 2 answers
Does using modulo (%) affect quality of randomness?
I'm writing a small script that generates random non-signed decimal integers within a certain range of values. I'm using GNU od, with the following command:
od /dev/hwrng --address-radix=n --read-bytes=4 --format=u4
/dev/hwrng is linked to a SoC…
user21698
12 votes, 1 answer
Cryptographic security of PHP mt_rand() function using Mersenne Twister algo
At StackOverflow, this question has been asked. It uses additional random entropy and a hash method (among others) to try and create a cryptographically secure pseudo-random number generator for PHP. PHP seems to use a Mersenne Twister algorithm…
Maarten Bodewes
12 votes, 3 answers
Is RSA padding needed for single recipient, one-time, unique random message?
I want a way to encrypt files using this process: https://crypto.stackexchange.com/a/15 . That is: generate a random password, use that to AES-encrypt a file, and use an RSA public key to encrypt the random password.
I can arrange for the password…
jrgray
12 votes, 4 answers
How are random numbers for RSA generated?
The RSA public key encryption requires two very large prime numbers as part of its encryption process that serve as secrets. These are typically generated with cryptographically secure random number generators of some kind.
However, random number…
Billy ONeal
12 votes, 1 answer
RFC 6979 - Why not simply hash the message & the private key for deterministic ECDSA?
Why go through the trouble of using the HMAC_DRBG process, instead of simply hashing [message | private key] to calculate $k$ for deterministic ECDSA?
If the resulting $k$ or the signature is invalid, then a known byte value can be appended to the…
thera
12 votes, 2 answers
What does "circuits" mean in Cryptography?
I am not a hardcore cryptographer so this might be a really stupid question. I am looking through some papers in homomorphic encryption and discovered they describe computation as "circuits". Why do they use this particular term? Isn't algorithm a…
Boyu Fang
12 votes, 1 answer
Sending KCV (key check value) with cipher text
I was wondering why it is not more common to send the KCV of a secret key together with the cipher text. I see many systems that send cipher text and properly prepend the IV to e.g. a CBC mode encryption. Wouldn't it be easier to prepend another…
Maarten Bodewes
12 votes, 1 answer
Luby-Rackoff theorem confusion
The Luby-Rackoff theorem states that if a round function is a secure pseudorandom function (PRF), then 3 rounds are sufficient to make the block cipher a pseudorandom permutation (PRP).
PRPs are invertible whereas PRFs are not. How come 3 rounds of a…
BlaX
12 votes, 5 answers
Why do we need asymmetric algorithms for key exchange?
In SSL protocols, both symmetric and asymmetric algorithms are used. Why is it so? The symmetric algorithms are more secure and easier to implement. Why are asymmetric algorithms usually preferred in key exchange?
user5507
12 votes, 2 answers
Can one implement AES on 4-bit microcontroller?
Is it possible to implement AES on a 4-bit microcontroller? As far as I know, AES on 8-bit microcontrollers is common, especially for lightweight applications such as RFID.
I have yet to come across AES being employed on a 4-bit microcontroller,…
cLaRe
12 votes, 4 answers
Fast hashing into elliptic curve
Is there a fast algorithm for mapping $n$-bit numbers $s$ (for fixed $n$) into a cyclic subgroup of an elliptic curve (over a finite field) in which the Discrete Logarithm Problem is hard?
By fast, I mean it takes about as long as a point addition…
jbms