Most Popular

1500 questions
40 votes, 2 answers

How is the MD2 hash function S-table constructed from Pi?

For fun, I'm learning more about cryptography and hashing. I'm implementing the MD2 hash function following RFC 1319 (https://www.rfc-editor.org/rfc/rfc1319). I'll preface by saying I know there are libraries, I know this is an old hash, and I do…
Keith
39 votes, 9 answers

What's the truth about this "absolutely unbreakable" cipher?

A story appeared on Forbes today claiming that we now have an absolutely unbreakable cipher. It cites a paper published in Nature Communications. However, I'm skeptical: But what if there were a method of enabling data to be sent using an…
39 votes, 1 answer

Why do the elliptic curves recommended by NIST use 521 bits rather than 512?

Wikipedia says in reference to the elliptic curves officially recommended by NIST in FIPS 186-3: Five prime fields for certain primes p of sizes 192, 224, 256, 384, and 521 bits. For each of the prime fields, one elliptic curve is recommended. The…
Zack Elan
39 votes, 1 answer

ECDSA, EdDSA and ed25519 relationship / compatibility

I'm trying to understand the relationship between those three signature schemes (ECDSA, EdDSA, and ed25519) and mainly to what degree they are mutually compatible in the sense of key-pair derivation, signing, and signature verification. But I was…
Rafael Korbas
39 votes, 3 answers

Why was AES CBC removed in TLS 1.3?

I don't quite understand why AES CBC was removed in TLS 1.3. From what I know CBC is the most secure mode of operation for the AES block cipher (if you can say it like that). It only needs a TRND IV and has not been broken. If you pair it with a…
Richard R. Matthews
39 votes, 3 answers

Are cryptographic hash functions quantum secure?

I was reading a paper related to post-quantum cryptography. It says that RSA, ECC and ElGamal encryption schemes would be obsolete with the advent of quantum computers. But the hash functions can still be secure. I don't understand how one can…
user38956
39 votes, 3 answers

Why is CBC with predictable IV considered insecure against chosen-plaintext attack?

I just learned that using CBC encryption with an IV which is predictable is not secure. From what I understand, using certain plaintexts, and then guessing the IV that it uses, the attacker can verify if the IV he guessed was right. How does this…
asudhak
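Added example, not part of the question above or of any answer to it: a runnable version of the chosen-plaintext attack the question describes. The 128-bit block cipher is a constructed stand-in (an 8-round Feistel network with an HMAC-SHA256 round function), not AES; the encryption oracle with a counter IV and the three-word message space are likewise constructed for the demonstration. Run with a random IV, the same attack code learns nothing.

```python
import hashlib
import hmac
import os

BLOCK = 16  # 128-bit blocks, like AES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed PRF on (round index || right half), truncated to one 8-byte half.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for a 128-bit block cipher: an 8-round balanced
    Feistel network with an HMAC-SHA256 round function. It is a keyed
    permutation, which is all CBC needs here; it is NOT AES."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(8):
        left, right = right, xor(left, _round_function(key, i, right))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Textbook CBC: C_i = E_k(P_i XOR C_{i-1}), with C_0 = IV."""
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, b""
    for off in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return out


class CbcOracle:
    """Chosen-plaintext oracle: the attacker submits plaintexts and sees
    (IV, ciphertext). mode='counter' uses a running counter as IV, so the
    next IV is predictable; mode='random' draws a fresh random IV."""

    def __init__(self, mode: str):
        self.key = os.urandom(16)
        self.mode = mode
        self.counter = 0

    def encrypt(self, plaintext: bytes):
        if self.mode == "counter":
            iv = self.counter.to_bytes(BLOCK, "big")
            self.counter += 1
        else:
            iv = os.urandom(BLOCK)
        return iv, cbc_encrypt(self.key, iv, plaintext)


def predictable_iv_attack(oracle, iv_victim, c_victim, candidates):
    """Attacker has seen the victim's (IV, C) and believes the plaintext's
    first block is one of `candidates`. It predicts the oracle's next IV as
    last_iv + 1 and submits P' = guess XOR iv_victim XOR iv_next. CBC then
    computes E_k(P' XOR iv_next) = E_k(guess XOR iv_victim), which equals the
    victim's first ciphertext block exactly when the guess is right."""
    last_iv = iv_victim
    for guess in candidates:
        iv_next = ((int.from_bytes(last_iv, "big") + 1) % (1 << 128)).to_bytes(BLOCK, "big")
        chosen = xor(xor(guess, iv_victim), iv_next)
        iv_used, c = oracle.encrypt(chosen)
        last_iv = iv_used
        if iv_used == iv_next and c[:BLOCK] == c_victim[:BLOCK]:
            return guess
    return None  # IV prediction failed (random IV) or secret not in candidates


def demo(mode: str):
    oracle = CbcOracle(mode)
    # Constructed low-entropy message space, known to the attacker.
    candidates = [s.ljust(BLOCK, b"\x00") for s in (b"BUY", b"SELL", b"HOLD")]
    secret = candidates[1]
    iv_v, c_v = oracle.encrypt(secret)  # the victim's message, seen on the wire
    return predictable_iv_attack(oracle, iv_v, c_v, candidates)
```

demo("counter") recovers the secret with one oracle query per candidate; demo("random") returns None because the attacker cannot cancel an IV it does not know. The same cancellation works whenever the next IV is known in advance, for example when it is the last ciphertext block of the previous message.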
39 votes, 5 answers

Galois fields in cryptography

I don't really understand Galois fields, but I've noticed they're used a lot in crypto. I tried to read into them, but quickly got lost in the mess of hieroglyphs and alien terms. I understand they're sets of the form $GF(p^n)$ for $n\geq1$ where…
Polynomial
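Added example, not part of the question above or of any answer to it: GF(2^8) arithmetic as AES uses it, written out in code. Elements are bytes standing for polynomials over GF(2), addition is XOR, and multiplication reduces modulo the irreducible polynomial x^8 + x^4 + x^3 + x + 1. The gf_mul routine takes the reduction polynomial as a parameter, so it also covers other GF(2^n); is_field shows what goes wrong with a reducible polynomial. The test values (57 x 83 = c1, 53^-1 = ca, the MixColumns column) are the worked examples from FIPS 197.

```python
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial AES reduces by


def gf_add(a: int, b: int) -> int:
    """Addition in GF(2^n) is coefficient-wise addition mod 2, i.e. XOR;
    every element is its own negative, so subtraction is XOR too."""
    return a ^ b


def gf_mul(a: int, b: int, poly: int = AES_POLY) -> int:
    """Multiplication in GF(2^n): polynomial product over GF(2), reduced
    modulo `poly`. n is the degree of poly; works for any GF(2^n)."""
    n = poly.bit_length() - 1
    result = 0
    while b:
        if b & 1:
            result ^= a          # add a * x^i for each set bit i of b
        b >>= 1
        a <<= 1                  # a := a * x
        if a >> n:               # degree reached n: subtract the modulus
            a ^= poly
    return result


def gf_pow(a: int, e: int, poly: int = AES_POLY) -> int:
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, a, poly)
        a = gf_mul(a, a, poly)
        e >>= 1
    return result


def gf_inv(a: int, poly: int = AES_POLY) -> int:
    """Multiplicative inverse. The non-zero elements form a group of order
    2^n - 1, so a^(2^n - 2) = a^-1; this is the inversion step of the AES S-box."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    n = poly.bit_length() - 1
    return gf_pow(a, (1 << n) - 2, poly)


def is_field(poly: int) -> bool:
    """Brute-force check that every non-zero element has an inverse under
    multiplication mod poly. True exactly when poly is irreducible; with a
    reducible poly, elements sharing a factor with it cannot be inverted."""
    n = poly.bit_length() - 1
    for a in range(1, 1 << n):
        if not any(gf_mul(a, b, poly) == 1 for b in range(1, 1 << n)):
            return False
    return True


def mix_column(col):
    """AES MixColumns on one 4-byte column: a 4x4 matrix multiply over GF(2^8)."""
    matrix = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
    out = []
    for row in matrix:
        acc = 0
        for coef, x in zip(row, col):
            acc = gf_add(acc, gf_mul(coef, x))
        out.append(acc)
    return out
```

is_field(0x11B) is True; is_field(0x101), i.e. x^8 + 1 = (x + 1)^8, is False, because x + 1 (the byte 0x03) shares a factor with the modulus and has no inverse. That is the whole reason the polynomial must be irreducible: otherwise "division" in the S-box would be undefined for some inputs.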
39 votes, 2 answers

Why is HMAC-SHA1 still considered secure?

This Q & A https://security.stackexchange.com/questions/33123/hotp-with-as-hmac-hashing-algoritme-a-hash-from-the-sha-2-family says that the security of HMAC-SHA1 does not depend on resistance to collisions? Are they saying specifically with…
user93353
39 votes, 1 answer

Who first published the interest of more than two prime factors in RSA?

Multi-prime RSA is now a well known technique (described here): it uses $k>2$ distinct secret prime factors in the public RSA modulus, with the advantage that, using the CRT, we can gain a speed boost in private-key operation, with little…
fgrieu
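Added example, not part of the question above or of any answer to it: the multi-prime private-key operation the question refers to, with $k=3$ primes and Garner's CRT recombination, checked against the plain pow(c, d, n). The primes are only 64 bits and come from a seeded RNG so the run is reproducible; that is a demonstration choice, not key-generation advice (real keys need a CSPRNG and primes of at least 1024 bits).

```python
import random
from math import prod


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin with bases drawn from a caller-supplied (seedable) RNG."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full size, odd
        if is_probable_prime(cand, rng):
            return cand


def multiprime_keygen(k: int, bits_per_prime: int, e: int = 65537, seed: int = 2024):
    """RSA key whose modulus is the product of k distinct primes.
    Seeded RNG for reproducibility only (constructed demo parameters)."""
    rng = random.Random(seed)
    primes = []
    while len(primes) < k:
        p = gen_prime(bits_per_prime, rng)
        # e is prime, so gcd(e, p-1) = 1 iff e does not divide p-1
        if p not in primes and (p - 1) % e != 0:
            primes.append(p)
    n = prod(primes)
    phi = prod(p - 1 for p in primes)
    d = pow(e, -1, phi)
    return n, e, d, primes


def crt_private_op(c: int, d: int, primes) -> int:
    """Private-key operation via the CRT with Garner's recombination.
    k exponentiations, each modulo a prime 1/k the size of n with an exponent
    d mod (p_i - 1) that is 1/k the size of d, then a cheap recombination.
    With cubic modexp cost this is roughly k^2 times cheaper than pow(c, d, n)."""
    residues = [pow(c % p, d % (p - 1), p) for p in primes]
    x, m = residues[0], primes[0]
    for p, r in zip(primes[1:], residues[1:]):
        t = ((r - x) * pow(m, -1, p)) % p   # pick t so that x + m*t = r (mod p)
        x += m * t                           # unchanged modulo the earlier primes
        m *= p
    return x


def demo():
    n, e, d, primes = multiprime_keygen(k=3, bits_per_prime=64)
    msg = 123456789
    c = pow(msg, e, n)
    return msg, crt_private_op(c, d, primes), pow(c, d, n)
```

demo() returns the same value three times: the message, the CRT result and the textbook result. The "little" cost the question alludes to is the factoring side: with $k$ primes of $\log_2(n)/k$ bits each, the modulus must stay large enough that ECM against the smallest factor is no easier than NFS against $n$.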
39 votes, 1 answer

Explaining weakness of Dual EC DRBG to wider audience?

I have an audience of senior (non-technical) executives and senior technical people who are taking the backdoor in Dual_EC_DRBG and considering it as a weakness of Elliptic curves in general. I can take a max of about 10 mins in my presentation to…
DeepSpace101
38 votes, 2 answers

What is the difference between SHA-3 and SHA-256?

I am new to cryptography. I learned that SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST. But I recently saw SHA-256 and I don't get what it is in comparison to SHA-3?
Ced
38 votes, 2 answers

What's the difference between RSA and Diffie-Hellman?

I've been reading the same thing on a lot of websites: RSA is for communication using the public and private key for both the server and client, whereas Diffie-Hellman is just for exchanging the same secret key that will then be used for both…
user3407319
38 votes, 4 answers

What is the recommended replacement for MD5?

Since MD5 is broken for purposes of security, what hash should I be using now for secure applications?
grieve
38 votes, 4 answers

How can one securely generate an asymmetric key pair from a short passphrase?

Background info: I am planning on making a filehost with which one can encrypt and upload files. To protect the data against any form of hacking, I'd like not to know the encryption key ($K$) used for a file, so the user will have to asymmetrically…
Flumble