Most Popular

1500 questions
423 votes, 13 answers

Should we MAC-then-encrypt or encrypt-then-MAC?

Most of the time, when some data must be encrypted, it must also be protected with a MAC, because encryption protects only against passive attackers. There are some nifty encryption modes which include a MAC (EAX, GCM...) but let's assume that we…
Thomas Pornin
245 votes, 2 answers

What are the differences between a digital signature, a MAC and a hash?

A message may be accompanied with a digital signature, a MAC or a message hash, as a proof of some kind. Which assurances does each primitive provide to the recipient? What kind of keys are needed?
Flimm
230 votes, 8 answers

How much would it cost in U.S. dollars to brute-force a 256-bit key in a year?

I am often told that any key can be broken and that it is only a matter of time and resources for any key to be broken. I know that this is technically true. However, I think that there is probably a point where it makes sense to say a key is…
John Fischer
189 votes, 23 answers

Time Capsule cryptography?

Does there exist any cryptographic algorithm which encrypts data in such a way that it can only be decrypted after a certain period of time? The only idea that I can think of, is something like this: Seed a PRNG with a public value. Run the PRNG for…
Jake
181 votes, 4 answers

Why is elliptic curve cryptography not widely used, compared to RSA?

I recently ran across elliptic curve crypto-systems: An Introduction to the Theory of Elliptic Curves (Brown University); Elliptic Curve Cryptography (Wikipedia); Performance analysis of identity management in the Session Initiation Protocol (SIP)…
Vineet Menon
175 votes, 6 answers

Why can't we reverse hashes?

First off, I know hashes are 1 way. There are an infinite number of inputs that can result in the same hash output. Why can't we take a hash and convert it to an equivalent string that can be hashed back to the original hash output? e.g.: string:…
Hello World
172 votes, 2 answers

What is the main difference between a key, an IV and a nonce?

What are the main differences between a nonce, a key and an IV? Without any doubt the key should be kept secret. But what about the nonce and the IV? What's the main difference between them and their purposes? Is it only that, in literature and in…
curious
163 votes, 10 answers

Why is writing your own encryption discouraged?

Say I want to write an encryption algorithm to communicate between me and my friend for this private use. How is that bad? E.g. I can take the word Hello and encrypt it with a simple algorithm – for example – take each letter and multiply its value…
Pierte
162 votes, 4 answers

Should we trust the NIST-recommended ECC parameters?

Recent articles in the media, based upon Snowden documents, have suggested that the NSA has actively tried to enable surveillance by embedding weaknesses in commercially-deployed technology -- including at least one NIST standard. The NIST FIPS…
D.W.
151 votes, 7 answers

Should we sign-then-encrypt, or encrypt-then-sign?

Frequently, we want to send messages that are (a) encrypted, so passive attackers can't discover the plaintext of the message, and (b) signed with a private-key digital signature, so active attackers can't make Alice think that a message came from…
David Cary
148 votes, 1 answer

What are the differences between .pem, .csr, .key, .crt and other such file extensions?

I'm new to SSL / TLS, and I want to work with the OpenSSL toolkit. What do .pem and .csr stand for? I do know that .key is the private key and .crt is the public key.
Richard R. Matthews
148 votes, 5 answers

What is a cryptographic "salt"?

I'm a beginner to cryptography and looking to understand in very simple terms what a cryptographic "salt" is, when I might need to use it, and why I should or should not use it. Can I get a very simple and clear (beginner level) explanation? If you…
Bhavik Ambani
147 votes, 1 answer

Why does my SSH private key still work after changing some bytes in the file?

I (for a test) just randomly altered a private RSA key by opening it up in Vim and changing a few bytes. It is the private part of an SSH key pair used for logging in on a remote system. Puzzlingly, it still allows me to log in. I did some research…
PhilPotter1987
132 votes, 7 answers

How big an RSA key is considered secure today?

I think 1024-bit RSA keys were considered secure ~5 years ago, but I assume that's not true anymore. Can 2048 or 4096 keys still be relied upon, or have we gained too much computing power in the meanwhile? Edit: Let's assume an appropriate padding…
Inaimathi
128 votes, 7 answers

Are there two known strings which have the same MD5 hash value?

Is there an example of two known strings which have the same MD5 hash value (representing a so-called "MD5 collision")?
Adban