Highest Voted Questions - Cryptography Stack Exchange

57

votes

3 answers

Do these new insights into prime numbers affect encryption security?

Quanta Magazine reports: Two mathematicians have uncovered a simple, previously unnoticed property of prime numbers [...]. Prime numbers, it seems, have decided preferences about the final digits of the primes that immediately follow them. Among…

asked Mar 14 '16 at 21:54

user

513
4
7

56

votes

11 answers

How do hashes really ensure uniqueness?

This might seem an impractical and unnecessary conversation, but I feel it's something I need to clarify. Especially, as I just got my first developer job in a blockchain startup. So hashes are said to generate the same thing for any information it…

asked Oct 22 '18 at 11:35

James Kumar

685
1
5
3

56

votes

2 answers

ECDSA vs ECIES vs ECDH

Recently I started studying Elliptic Curve Cryptography and I just loved it. I want to transfer some big data (like 3KB), What is the best method, ECDSA, ECIES, or ECDH (and why)? I am confused, how should I choose between ECDSA, ECIES and ECDH?

asked Jan 10 '14 at 07:16

user3160055

663
1
6
4

55

votes

2 answers

What security authorities and standards reject $e=3$ in RSA, when, and with what rationale?

In RSA, some security authorities and/or standards allow the public exponent $e=3$, others require or recommend $e>2^{16}$ (or perhaps some other minimum). I gathered the following: PKCS#1 allows $e=3$ for both RSA digital signature and encryption…

asked May 25 '13 at 16:00

fgrieu

140,762
12
307
587

55

votes

2 answers

Timing attack and good coding practices

How would timing attack occur on a particular code but not in another code (because of good coding practice)? Could anyone give an example? I am having trouble figuring out how timing attacks would occur based on the way the code is written.

timing-attack

asked Nov 21 '16 at 06:52

asdfasd

551
1
5
3

55

votes

4 answers

Is secp256r1 more secure than secp256k1?

Curves secp256r1 and secp256k1 are both examples of two elliptic curves used in various asymmetric cryptography. Googling for these shows most of the top results are Bitcoin related. I've heard the claim that… Satoshi picked non-standard crypto…

asked Sep 04 '14 at 10:25

ripper234

1,027
1
9
13

54

votes

6 answers

Kerckhoffs’ principles – Why should I make my cipher public?

As I understand it, the less people know about the internals of my protocol or cipher, the more secure the protocol is. However Kerckhoffs's principle states that A cryptosystem should be secure even if everything about the system, except the key,…

asked Aug 06 '13 at 09:17

rath

2,548
3
25
40

54

votes

2 answers

Why use an Initialization Vector (IV)?

Why use an Initialization Vector (IV)? How are IV's used? What are the advantages/disadvantages of using an IV? Why use an IV instead of a longer key in which some section of the key is public? What happens to various security properties if an IV…

asked Sep 20 '11 at 14:11

Ethan Heilman

2,276
1
20
40

54

votes

10 answers

Now that quantum computers have been out for a while, has RSA been cracked?

D-wave systems has released a commercially viable quantum computer. This means in theory, that all asymmetric encryption algorithms — such as RSA — are now useless due to the speed at which quantum computers can factor. Has RSA been cracked yet? If…

asked Aug 17 '11 at 14:10

bbosak

961
1
6
9

54

votes

7 answers

One Encryption, Many Decryption Keys

I would like to share access to encrypted data among many recipients. I do not know the recipients ahead of time (when encrypting the data). Once the data is encrypted, I do not have access to the plaintext (so I cannot re-encrypt). Right now, I…

asked Aug 16 '16 at 19:23

Justin Bailey

603
1
5
7

54

votes

1 answer

Password hashing security of argon2 versus bcrypt/PBKDF2?

I wonder if it can be approximated how much of a security margin the new argon2 hash, winner of the password hashing competition, can give over bcrypt or PBKDF2, for an attacker using large GPU systems. Practically speaking, if I have had a…

asked Nov 23 '15 at 21:09

azren

751
1
5
7

53

votes

1 answer

Why do 5G, 4G, etc., use non-conventional algorithms?

Looking up information about 5G and the previous 3GPP standards, why have they been incorporating non-conventional algorithms into the standards? For example, AES has been considered secure for ages and there is lots of support for hardware…

asked Jun 05 '20 at 14:52

MCCCS

731
1
7
15

53

votes

2 answers

Signatures: RSA compared to ECDSA

I'm signing very small messages using RSA, and the signature and public key are added to every message, which requires a lot of space compared to the actual content. I'm considering switching to ECDSA, would this require less space with the same…

asked Jul 12 '12 at 19:37

Maestro

1,069
1
10
16

52

votes

7 answers

Google is using RC4, but isn't RC4 considered unsafe?

Why is Google using RC4 for their HTTPS/SSL? $ openssl s_client -connect www.google.com:443 | grep "Cipher is" New, TLSv1/SSLv3, Cipher is RC4-SHA Isn't RC4 unsafe to use?

asked Sep 29 '11 at 05:30

Jonas Lejon

621
1
5
6

52

votes

3 answers

Why is public-key encryption so much less efficient than secret-key encryption?

I'm currently reading Cryptography Engineering. After giving a high level explanation of the difference between secret-key encryption and public-key encryption, the book says: So why do we bother with secret-key encryption if public-key encryption…

asked Sep 02 '11 at 02:12

user670

Most Popular