Most Popular

1500 questions
38 votes, 2 answers

Why should I use Authenticated Encryption instead of just encryption?

There are various different modes of operation for block cipher use, some of which provide "encryption" and some of which provide authenticated encryption. Why should I use an authenticated encryption mode rather than just an encryption mode? This…
asked by Cryptographeur
38 votes, 7 answers

Is it feasible to build an index of prime factors?

Would it be possible to break an RSA key, in for example 1 week of time, if the cracker has already spent X number of years building an index of primes by performing every permutation of existing prime keys up to $2^{2048}$? I understand this would…
asked by mjs
37 votes, 2 answers

Why should I use an Initialization Vector (IV) when I have unique keys?

I took a look at "Why, or when, to use an Initialization Vector?" but my question is not the same. I have unique keys encrypting each plaintext (in CBC mode, AES-256) and I do not use a key to encrypt more than one plaintext. Is it insecure to use…
asked by Ashwin
37 votes, 3 answers

Does "Shattered" actually show SHA-1-signed certificates are "unsafe"?

Note: I am not advocating anyone continues using SHA-1-signed certificates: they are dead as far as security is concerned and should no longer be used. I'm just trying to clarify my understanding of the theoretical implications of Shattered as they…
asked by TripeHound
37 votes, 1 answer

What is the advantage of XTS over CBC mode (with diffuser)?

I have some problems in understanding the "advantage" of AES-XTS compared to CBC with diffuser. I read something about FileVault; in this paper they mention the two modes of operation XTS and CBC (with diffuser) and the advantages of XTS. Both…
asked by tommynogger
37 votes, 7 answers

Why aren't zero-knowledge proofs used in practice for authentication?

I read on Wikipedia that zero-knowledge proofs are not used for authentication in practice. Instead (I think) the server is entrusted with seeing a password in plaintext form, which it should then add a salt to and hash. But for a split moment, the…
asked by wlad
37 votes, 4 answers

Why is plain-hash-then-encrypt not a secure MAC?

It seems that even in MAC-then-encrypt systems like SSL, something like HMAC is used rather than a plain hash. Why? Suppose we use some stream cipher; then why can't we use $\text{Encrypt}(m \,\|\, H(m))$ as the MAC-then-encrypted version of the message?…
asked by ithisa
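The $\text{Encrypt}(m \,\|\, H(m))$ construction the question above asks about, worked through as an added example (this is not code from the question or from any answer on the thread): a toy stream cipher, the plain-hash scheme beside the HMAC scheme that SSL actually uses, and the known-plaintext forgery that breaks the former. The SHA-256 counter-mode keystream, the sample messages and all function names are constructed for this example; the attack itself only needs ciphertext = plaintext XOR keystream, so it applies to any stream cipher.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # SHA-256 digest length


def keystream(key: bytes, nbytes: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (a constructed stand-in for
    ChaCha20, AES-CTR, RC4, ...). The attack below relies only on
    ciphertext = plaintext XOR keystream, which holds for all of them."""
    out = bytearray()
    block = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:nbytes])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Scheme 1: Encrypt(m || H(m)) with an unkeyed hash (what the question proposes)
def encrypt_plain_hash(key: bytes, m: bytes) -> bytes:
    return xor(m + hashlib.sha256(m).digest(), keystream(key, len(m) + TAG_LEN))


def decrypt_plain_hash(key: bytes, c: bytes):
    pt = xor(c, keystream(key, len(c)))
    m, tag = pt[:-TAG_LEN], pt[-TAG_LEN:]
    return m if hmac.compare_digest(hashlib.sha256(m).digest(), tag) else None


# --- Scheme 2: Encrypt(m || HMAC_k2(m)) with a separate MAC key (what SSL does)
def encrypt_hmac(enc_key: bytes, mac_key: bytes, m: bytes) -> bytes:
    tag = hmac.new(mac_key, m, hashlib.sha256).digest()
    return xor(m + tag, keystream(enc_key, len(m) + TAG_LEN))


def decrypt_hmac(enc_key: bytes, mac_key: bytes, c: bytes):
    pt = xor(c, keystream(enc_key, len(c)))
    m, tag = pt[:-TAG_LEN], pt[-TAG_LEN:]
    expected = hmac.new(mac_key, m, hashlib.sha256).digest()
    return m if hmac.compare_digest(expected, tag) else None


# --- Attacker: knows one (m, c) pair, never learns any key
def forge_plain_hash(c: bytes, known_m: bytes, new_m: bytes) -> bytes:
    """H(m) is public because it is unkeyed, so the attacker knows the entire
    plaintext m || H(m), recovers the whole keystream, and re-encrypts
    new_m || H(new_m) under it. The receiver's hash check passes."""
    if len(new_m) != len(known_m):
        raise ValueError("same-length substitution only: keystream is known only that far")
    ks = xor(c, known_m + hashlib.sha256(known_m).digest())
    return xor(new_m + hashlib.sha256(new_m).digest(), ks)


def forge_message_only(c: bytes, known_m: bytes, new_m: bytes) -> bytes:
    """Same keystream recovery for the message part, tag ciphertext left as is:
    the best available when the tag is keyed and cannot be recomputed."""
    ks_msg = xor(c[:len(known_m)], known_m)
    return xor(new_m, ks_msg) + c[len(known_m):]


KNOWN_MSG = b"PAY 0100 USD TO alice"  # constructed sample plaintext the attacker knows
NEW_MSG = b"PAY 9999 USD TO mallo"    # same length, attacker-chosen replacement


def run_demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    c1 = encrypt_plain_hash(enc_key, KNOWN_MSG)
    c2 = encrypt_hmac(enc_key, mac_key, KNOWN_MSG)
    blind = bytearray(c1)
    blind[4] ^= 0x01  # flip one bit without knowing the plaintext
    return {
        # accepted: decrypts to NEW_MSG and the (unkeyed) hash verifies
        "plain_hash_forgery": decrypt_plain_hash(enc_key, forge_plain_hash(c1, KNOWN_MSG, NEW_MSG)),
        # rejected: the attacker cannot compute HMAC_k2(NEW_MSG)
        "hmac_forgery": decrypt_hmac(enc_key, mac_key, forge_message_only(c2, KNOWN_MSG, NEW_MSG)),
        # rejected: a plain hash does catch blind bit-flips, which is why it looks like a MAC
        "blind_flip": decrypt_plain_hash(enc_key, bytes(blind)),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {'ACCEPTED ' + result.decode() if result else 'rejected'}")
```

The third case is the one that misleads people: an unkeyed hash does detect random corruption, so it feels like integrity protection. It fails only against an adversary, who can compute $H(m')$ for any $m'$ as easily as the receiver can; a MAC needs a secret the adversary lacks, which is exactly what HMAC's key supplies.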
36 votes, 5 answers

The GCD strikes back to RSA in 2019 - Good randomness is the only solution?

When someone collects lots of RSA public moduli, the first thing that comes to mind is: $$\text{GCD them all}$$ If you calculate the GCD of two different RSA moduli and the result is not 1, then you find one of the factors. This has been…
asked by kelalaka
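The "GCD them all" step from the question above, as an added worked example (not code from the question or its answers): a batch GCD over a constructed set of toy RSA moduli, some of which share a prime because their generator's randomness was bad. Rather than the $n^2$ pairwise GCDs the question describes, this uses the product-tree / remainder-tree method, which computes $\gcd(N_i, \prod_{j \ne i} N_j)$ for every modulus at once; the primes are constructed at toy size (just above $10^6$) so the run is instant, and the same code runs unchanged on 2048-bit moduli. The fallback for a modulus whose batch GCD is the modulus itself is the edge case worth seeing.

```python
from math import gcd, isqrt


def is_prime(n: int) -> bool:
    """Trial division; fine for the toy-sized primes constructed below."""
    if n < 2:
        return False
    for d in range(2, isqrt(n) + 1):
        if n % d == 0:
            return False
    return True


def gen_primes(start: int, count: int) -> list:
    primes, n = [], start
    while len(primes) < count:
        if is_prime(n):
            primes.append(n)
        n += 1
    return primes


def product_tree(leaves: list) -> list:
    """Level 0 is the leaves; each higher level multiplies neighbours pairwise;
    the last level is the single root (the product of everything)."""
    tree = [list(leaves)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([level[i] * level[i + 1] if i + 1 < len(level) else level[i]
                     for i in range(0, len(level), 2)])
    return tree


def batch_gcd(moduli: list) -> list:
    """For each N_i return gcd(N_i, prod_{j != i} N_j), walking the product
    tree up and a remainder tree down instead of doing n^2 pairwise gcds."""
    tree = product_tree(moduli)
    rems = tree.pop()  # [P], the product of all moduli
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    # rems[i] = P mod N_i^2, hence rems[i] // N_i = (P / N_i) mod N_i
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def pairwise_factor(i: int, moduli: list) -> int:
    """Fallback when batch_gcd returns N_i itself: find a proper common factor pairwise."""
    n = moduli[i]
    for j, m in enumerate(moduli):
        h = gcd(n, m) if j != i else 1
        if 1 < h < n:
            return h
    return 1  # only exact duplicates of N_i exist; nothing new to split off


def recover_factors(moduli: list) -> dict:
    """Map index -> (p, q) for every modulus that leaks a factor through a shared prime."""
    found = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == n:
            # both primes of N_i recur in other moduli (or N_i is duplicated):
            # the batch gcd collapses to N_i, so separate the factors pairwise
            g = pairwise_factor(i, moduli)
        if 1 < g < n:
            found[i] = tuple(sorted((g, n // g)))
    return found


# Constructed toy key material: six small primes standing in for 1024-bit ones.
PRIMES = gen_primes(10**6, 6)
p0, p1, p2, p3, p4, p5 = PRIMES
MODULI = [
    p0 * p1,  # N0: shares p1 with N2 and p0 with N3, so both factors leak
    p2 * p3,  # N1: fresh primes, but see N4
    p1 * p4,  # N2: reused p1 (a bad-randomness key)
    p0 * p5,  # N3: reused p0
    p2 * p3,  # N4: exact duplicate of N1; the gcd is the whole modulus, no factor
]


if __name__ == "__main__":
    for i, (p, q) in recover_factors(MODULI).items():
        print(f"N{i} = {MODULI[i]} = {p} * {q}")
```

Two points the run makes concrete. A modulus with a single shared prime is factored outright, and nothing in RSA's hardness assumption is violated: the keys were simply not independent. A duplicated modulus (N1 and N4) yields a GCD equal to the modulus itself and no factor, which is why batch-GCD tooling treats "gcd equals N" as a separate case rather than a hit.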
36 votes, 2 answers

Elliptic curve ed25519 vs ed448 - Differences

Other than key size, what are some differences between the elliptic curves ed25519 and ed448?
asked by Nathan Aw
36 votes, 1 answer

What is a tweakable block cipher?

Pretty simple question - but I can't seem to find much information about it. What exactly is a tweakable block cipher? How do they differ from traditional block ciphers? What is the 'tweak'? Is it just a sequence of bytes? Does it have any special…
asked by hunter
36 votes, 3 answers

What are recommended, general strategies to start block-cipher design and/or analysis?

I (and many others for that matter) have always been fascinated by the inner workings of the modern building block of cryptography: block ciphers. Now, the resources on the "black art" of design and analysis of these ciphers are sparse; especially…
asked by SEJPM
36 votes, 1 answer

What exactly is a "garbled circuit"?

There are plenty of questions here about the details and how-tos of "garbled circuits", but I have not seen anything that defines what garbled circuits are. What exactly is a garbled circuit? What are they intended to be used for? What are their…
asked by Ella Rose
36 votes, 2 answers

HMAC vs ECDSA for JWT

I will be implementing JSON Web Tokens on my website and have a question about implementing them. I have a choice of using two algorithms, HMAC-SHA256 and ECDSA-SHA256. I have used HMAC-SHA256 in the past for JWT, but now I noticed ECDSA is being…
asked by user2924127
36 votes, 2 answers

HMAC-SHA1 vs HMAC-SHA256

I have three questions: Would you use HMAC-SHA1 or HMAC-SHA256 for message authentication? How much slower is HMAC-SHA256 than HMAC-SHA1? Are the security improvements of SHA-256 (over SHA-1) enough to justify its usage?
asked by Mario
36 votes, 2 answers

Practical disadvantages of GCM mode encryption

It seems that GCM mode encryption has a clear advantage over CBC + HMAC in the sense that it only requires a single key. But it seems that there are some experts here that do not trust it enough to recommend it. This question is a call to those…
asked by Maarten Bodewes