Most Popular

1500 questions
35
votes
8 answers

Why do some people believe that humans are "bad at" generating random numbers/characters like this?

I'm not even sure if they are serious, but I've heard many times that some people refuse to not only trust their computer to generate a random string (which is understandable) but also don't trust themselves to do it. So, instead of simply…
K. B.
  • 383
  • 1
  • 4
  • 4
35
votes
4 answers

Can ECDSA signatures be safely made "deterministic"?

Using the terminology of the ECDSA Wikipedia page, ECDSA (and DSA) signatures require a random k value for each signature which ensures that the signature is different each time even if the message and key are the same. For some applications, a…
ByteCoin
  • 727
  • 1
  • 6
  • 7
35
votes
2 answers

Using the same secret key for encryption and authentication in an Encrypt-then-MAC scheme

Is it a weakness to use a single shared secret for protecting messages using an Encrypt-then-MAC scheme? Assuming a system is using AES-256-CBC and a SHA1-HMAC and the same secret key for both operations. Upon intercepting one of these messages…
Rook
  • 1,496
  • 1
  • 13
  • 22
35
votes
10 answers

Encryption that purposefully takes hours to decrypt

My problem: I want to block sites on my router. I want to generate a new password for my router after blocking sites. This new password I want to encrypt. But to decrypt it, I want it to take 2 to 8 hours to decrypt. Is there any solution that could…
Matt Rybin
  • 469
  • 1
  • 4
  • 5
35
votes
7 answers

Is Diffie-Hellman mathematically the same as RSA?

Is the Diffie-Hellman key exchange the same as RSA? Diffie-Hellman allows key exchange on an observed wire – but so can RSA. Alice and Bob want to exchange a key – Big brother is watching everything. Bob makes a fresh RSA key pair and sends his…
joe armstrong
35
votes
2 answers

Largest integer factored by Shor's algorithm?

I'm studying Shor's quantum factoring algorithm. I was wondering what the largest integer is which they were able to factor with a small quantum computer. Does anybody have an idea about this?
Robbe Motmans
  • 483
  • 1
  • 4
  • 4
35
votes
2 answers

How secure is SHA1? What are the chances of a real exploit?

I read that, in February 2017, a SHA1 collision was calculated for the first time. This, and earlier theoretical proof, means that SHA1 is officially cryptographically insecure. But, when using SHA1 in a protocol (SAML assertions in my case), both…
Rob van Laarhoven
  • 453
  • 1
  • 4
  • 8
35
votes
5 answers

What security do Cryptographic Sponges offer against generic quantum attacks?

In the face of non-quantum attacker, Keccak[r=1088,c=512] with 512 bits of output provides: Collision resistance up to $2^{256}$ operations; Preimage resistance up to $2^{256}$ operations; Second preimage resistance up to $2^{256}$ operations. In…
Nakedible
  • 1,440
  • 11
  • 15
35
votes
5 answers

Why is padding used for RSA encryption given that it is not a block cipher?

In AES we use some padded bytes at end of message to fit 128/256 byte blocks. But as RSA is not a block cipher why is padding used? Can the message size be any byte length (is the encrypting agent free to choose) or must it be a certain byte…
mario
  • 369
  • 1
  • 3
  • 4
35
votes
4 answers

Is there a string whose hash is equal to itself?

I was wondering if there's any string that has a hash equal to itself, so that – when using any (non-specific) hash function – the hash would be equal to that string? So that: hash(x) = x Note that this is not an assignment or anything. I’m just…
Mostafa Berg
  • 453
  • 1
  • 4
  • 8
35
votes
4 answers

What is a Non-Interactive Zero Knowledge Proof?

I understand the concept of a Zero Knowledge Proof thanks to the easy to understand analogy of Alibaba's cave. However, this seems to require interaction between the verifier and the other party. I have not found an explanation of non-interactive…
BBedit
  • 481
  • 1
  • 4
  • 5
35
votes
4 answers

What is so special about elliptic curves?

There seem to be sources like this, this also, and some introductions that discuss elliptic curves in general and how they're used. But what I'd like to know is why these particular curves are so important in cryptography as opposed to, let's say,…
stackuser
  • 583
  • 4
  • 7
34
votes
1 answer

Proof for the SHA3 claim that 256 bit security is "post-quantum sufficient"?

On page 14 of "Keccak and the SHA-3 Standardization" (February 6, 2013) it says: Instantiation of a sponge function the permutation KECCAK-f 7 permutations: b → {25,50,100,200,400,800,1600} Security-speed trade-offs using the same permutation,…
e-sushi
  • 17,891
  • 12
  • 83
  • 229
34
votes
1 answer

What is a Pedersen commitment?

I couldn't find any answer providing a high-level overview on what Pedersen commitments are or what they are used for.
Paul Razvan Berg
  • 547
  • 1
  • 4
  • 13
34
votes
1 answer

Does the generator size matter in Diffie-Hellman?

For the Diffie-Hellman protocol I've heard that the generator 3 is as safe as any other generator. Yet, 32-bit or 256-bit exponents are sometimes used as generators. What is the benefit of using these very large generators if they are just as safe…
jnm2
  • 582
  • 5
  • 11