Most Popular (1500 questions)
77 votes, 1 answer
Can you explain Bleichenbacher's CCA attack on PKCS#1 v1.5?
I've studied that Bleichenbacher's CCA attack on PKCS#1 v1.5 is the basis for many versions of attacks in the area.
I'm trying to understand that attack, but every explanation I saw starts with the technical details, without giving some overview,…

Bush (2,130 rep; badges: 2, 18, 26)
76 votes, 4 answers
How come public key cryptography wasn't discovered earlier?
I became interested in crypto lately and read about symmetric and public key crypto algorithms. I understand how crucial the discoveries of the 1970s like RSA, DES and DH were in advancing the technology.
I just don't understand how public key…

pls no (919 rep; badges: 1, 8, 7)
73 votes, 3 answers
Signal vs Telegram in terms of protocols?
Some time ago, the question was asked in chat, why MTProto (Telegram's protocol) is supposedly worse than Axolotl (Signal's protocol) as both protocols have been the inventions of their respective companies, thereby "rolling their own crypto", which…

SEJPM (45,967 rep; badges: 7, 99, 205)
73 votes, 6 answers
SHA-512 faster than SHA-256?
I'm getting this strange result that SHA-512 is around 50% faster than SHA-256. I'm using .net's SHA512Managed and SHA256Managed classes. The code is similar to the one posted here but I'm referring to tests taking caching into account (from the…

ispiro (2,005 rep; badges: 2, 18, 29)
72 votes, 4 answers
How can I use asymmetric encryption, such as RSA, to encrypt an arbitrary length of plaintext?
RSA is not designed to be used on long blocks of plaintext like a block cipher, but I need to use it to send a large (encrypted) message.
How can I do this?

samoz (3,236 rep; badges: 3, 23, 25)
70 votes, 3 answers
Why shouldn't I use ECB encryption?
I'm using Java to generate encrypted strings, and I get this warning at build time:
ECB encryption mode should not be used
So I'm wondering why I shouldn't use ECB and what I can use instead?

Rogue (826 rep; badges: 1, 7, 6)
69 votes, 1 answer
Easy explanation of "IND-" security notions?
There are many schemes that can advertise themselves with certain security notions, usually IND-CPA or IND-CCA2, for example plain ElGamal has IND-CPA security but doesn't provide IND-CCA security.
The most common ones are the "IND-" ones,…

SEJPM (45,967 rep; badges: 7, 99, 205)
68 votes, 2 answers
Is truncating a SHA512 hash to the first 160 bits as secure as using SHA1?
I am from a web development background (I don't know an awful lot about cryptography or how the algorithms themselves work), so I am asking this question in simple terms.
Consider a hash of the word 'test' using…

BadHorsie (813 rep; badges: 1, 9, 11)
67 votes, 4 answers
Why does the FBI ask Apple for help to decrypt an iPhone?
The current debate of the FBI trying to get Apple to assist in decrypting an iPhone made me wonder:
Normally, upon turning on an iPhone, everything is decrypted using a 4-digit pin (or actually, a key that is derived from the PIN with a strong KDF,…

RocketNuts (1,387 rep; badges: 1, 11, 23)
64 votes, 3 answers
Why Curve25519 for encryption but Ed25519 for signatures?
NaCl and libsodium libraries use Curve25519 for authenticated encryption (actually for sharing a key which is used for encryption) and Ed25519 for signatures. What is the purpose of using different primitives for these operations? Why just not to…

Simon (741 rep; badges: 1, 6, 4)
63 votes, 5 answers
Technical feasibility of decrypting https by replacing the computer's PRNG
Intel has an on-chip RdRand function which supposedly bypasses the normally used entropy pool for /dev/urandom and directly injects output. Now rumors are going on that Intel works together with the NSA... and knowing that PRNGs are important for…

Luc (1,508 rep; badges: 3, 19, 34)
63 votes, 5 answers
What's the appeal of using ChaCha20 instead of AES?
I read about ChaCha20 being used in TLS by Google, SSH, and towards standardization in general.
What's the appeal of using something other than AES, what with AES receiving dedicated CPU instructions on various architectures to make it so efficient?

JDługosz (733 rep; badges: 1, 5, 6)
62 votes, 2 answers
Why is $H(k\mathbin\Vert x)$ not a secure MAC construction?
If $H(m)$ is a secure hash function, can't we implement a MAC using $H(k\mathbin\Vert m)$?
However, it seems the more widely used MACs, such as NMAC and HMAC (both originally defined in Keying hash functions for message authentication) use a much…

Anne Nonimus (723 rep; badges: 1, 5, 4)
61 votes, 3 answers
Hashing or encrypting twice to increase security?
Over on the bitcoin forums I asked why the bitcoin client computes SHA-256(SHA-256(x)) as its cryptographic hash for a variety of purposes. The leading theory--since the bitcoin author has disappeared--seems to be that from a security standpoint it…

maaku (711 rep; badges: 1, 5, 4)
61 votes, 6 answers
Soft question: Examples where lack of mathematical rigour cause security breaches?
Cryptographic tools can often become adopted even when their security proofs lack mathematical rigour, or are missing altogether.
Are there famous cases of security breaches in the industry, where the underlying cryptography was (up until then)…

Snoop Catt (1,297 rep; badges: 7, 14)