Most Popular
1500 questions
52
votes
6 answers
Who uses Dual_EC_DRBG?
Recent news articles have suggested that the NSA may be involved in trying to influence the cryptography in public standards or commercially deployed software, to enable the NSA to decrypt the encrypted traffic. For example, see this article in the…

D.W.
- 36,365
- 13
- 102
- 187
51
votes
1 answer
What are SNARKs?
What does it mean and what is it used for? I have been hearing this term a lot lately.
From the context I've heard it talked about it seems to be connected with zero knowledge?

wi1
- 613
- 1
- 5
- 5
51
votes
5 answers
How to find the modulus from an RSA public key?
I am studying the RSA cryptosystem. The public key consists of $(n, e)$, the modulus (product of two large primes), and the encryption exponent. I want to separate the modulus $n$ and exponent $e$. A typical public key is expressed in base64, and is…

user3001408
- 613
- 1
- 6
- 5
50
votes
2 answers
Why is SHA-1 considered broken?
Is there a known pair of distinct bit strings (A,B) such that SHA-1(A) == SHA-1(B)?
If the answer is no, then how can SHA-1 be considered broken?

Andrew Tomazos
- 637
- 1
- 5
- 8
50
votes
3 answers
What are the benefits of the two permutation tables in DES?
Why do we use a permutation table in the first step of the DES algorithm and one at the end of the algorithm?

Am1rr3zA
- 755
- 1
- 7
- 9
49
votes
8 answers
Is there a simple hash function that one can compute without a computer?
I am looking for a hash function that is computable by hand (in reasonable time). The function should be at least a little bit secure: There should be no trivial way to find a collision (by hand). For instance, a simple cross-sum is not meeting this…

FUZxxl
- 593
- 1
- 4
- 12
49
votes
2 answers
Differences between the terms "pre-master secret", "master secret", "private key", and "shared secret"?
Both crypto.SE and security.SE have excellent Q&As about how TLS generates session keys (I have linked some at the bottom).
In reading these threads I'm having trouble with terminology, since the following terms seem to be used with overlapping…

Mike Ounsworth
- 3,627
- 1
- 18
- 28
49
votes
1 answer
AES256-GCM - can someone explain how to use it securely (ruby)
I am looking into using AES256-GCM for encrypting some database fields. I know that for AES256-CBC, I need to generate a new IV for each encrypt, but I can use the same key. The IV can be openly stored alongside the ciphertext (ie, it can be…

breakingbreadmuffins
- 491
- 1
- 5
- 3
48
votes
2 answers
How is the Swiss post e-voting system supposed to work, and how was it wrong?
I read that the Swiss post had an e-voting solution developed, made it possible to obtain the source code for review, and that vulnerabilities were found.
Apparently we are not talking about the inherent and well-known issues of e-voting: it can't…

fgrieu
- 140,762
- 12
- 307
- 587
48
votes
3 answers
What is the difference between a HMAC and a hash of data?
On a recent question it became apparent that there's a significant difference between an HMAC of input data and a hash of input data.
What exactly is the difference between an HMAC and a hash of a span of input data?

Naftuli Kay
- 967
- 1
- 10
- 14
48
votes
1 answer
Second pre-image resistance vs Collision resistance
From Wikipedia:
Second pre-image resistance
Given an input $m_1$ it should be difficult to find another input $m_2$ such that $m_1 \neq m_2$ and $\operatorname{hash}(m_1) = \operatorname{hash}(m_2)$. Functions that lack this property are…

ritch
- 583
- 1
- 4
- 6
47
votes
4 answers
Security strength of RSA in relation with the modulus size
NIST SP 800-57 §5.6.1 p.62–64 specifies a correspondence between RSA modulus size $n$ and expected security strength $s$ in bits:

| Strength (bits) | RSA modulus size (bits) |
|---|---|
| 80 | 1024 |
| 112 | 2048 |
| 128 | 3072 |
| 192 | 7680 |
| 256 | 15360 |

This…

Gilles 'SO- stop being evil'
- 19,134
- 4
- 50
- 92
47
votes
2 answers
How to choose between AES-CCM and AES-GCM for storage volume encryption
We are using the encryption built into Solaris 11 ZFS, which offers the choice between CCM (CBC counter mode) and GCM (Galois counter mode). What are the pros and cons of choosing each of these cipher modes?

ruief
- 662
- 1
- 5
- 8
47
votes
2 answers
AES CBC mode or AES CTR mode recommended?
What are the benefits and disadvantages of CBC vs. CTR mode? Which one is more secure?

mary
- 1,031
- 3
- 11
- 13
47
votes
1 answer
Why do all SSH-RSA Keys begin with "AAAAB3NzaC1yc"?
My friend and I have been generating a few SSH2 RSA keys and noticed all the public keys begin with AAAAB3NzaC1yc, with the similarity extending to AAAAB3NzaC1yc2EAAAABIwAAAQEA between two keys generated on the same machine in two successive…

Lord Loh.
- 685
- 1
- 7
- 12