Most Popular

1500 questions
47
votes
4 answers

Can one generalize the Diffie-Hellman key exchange to three or more parties?

Does anyone know how to do a Diffie-Hellman or ECDH key exchange with more than two parties? I know how to do a key exchange between 2 parties, but I need to be able to have a key agreement between 3 or more parties.
hobeau
46
votes
5 answers

Is there a secure cryptosystem that can be performed mentally?

I, myself, do not plan on getting into a situation where I would be unable to use a computer in order to communicate securely. However, I can think of many practical situations in which mental cryptography would be useful. Is there a secure…
John Gietzen
46
votes
7 answers

How can we reason about the cryptographic capabilities of code-breaking agencies like the NSA or GCHQ?

I have read in Applied Cryptography that the NSA is the largest hardware buyer and the largest mathematician employer in the world. How can we reason about the symmetric ciphers cryptanalysis capabilities of code-breaking agencies like the NSA or…
jokoon
46
votes
1 answer

Why use argon2i or argon2d if argon2id exists?

I am currently working on a project where I want to implement Argon2. The problem is that I don't really know a lot about it. Internet research is not really helpful, because Argon2 is only 2 years old so all that really exists are scientific papers…
Richard R. Matthews
46
votes
3 answers

What are the differences Between “White-Box Cryptography” and “Code Obfuscation”?

I have been reading the question "What is a white-box implementation of a cryptographic algorithm?" and it led to this short article / Q&A which states in question 2: Q2: What is the difference with code obfuscation? Related and complementary…
MByD
46
votes
3 answers

Where and how to store private keys in web applications for private messaging with web browsers

I am working on a web application enabling users to communicate over private messages which is just one part of the whole system. The main focus during my development process is to protect the privacy of my users, I think this should be one of the…
user34484
46
votes
1 answer

What is a "freestart collision"?

In their work on SHA-1 collisions (cf. the EUROCRYPT-2016 paper “Freestart collision on full SHA-1” by Stevens, Karpman, and Peyrin) Stevens et al show that they are able to generate "freestart collisions" on SHA-1. They say: Even though freestart…
otus
45
votes
2 answers

Is Triple DES still considered safe to use?

What it says on the tin. Is it still used in things like TLS?
Melab
45
votes
2 answers

What do the magic numbers 0x5c and 0x36 in the opad/ipad calc in HMAC do?

Wikipedia lists the following pseudocode for HMAC: function hmac (key, message) if (length(key) > blocksize) then key = hash(key) // keys longer than blocksize are shortened end if if (length(key) < blocksize) then //…
sneak
44
votes
7 answers

For a hashing function like MD5, how similar can two plaintext strings be and still generate the same hash?

When I say similar, I'm referring to the Hamming distance, the Levenshtein distance, or a similar string distance metric that measures how similar or dissimilar two strings are. For instance, are there two plaintext strings with a Levenshtein…
John Ellmore
44
votes
2 answers

AES-GCM recommended IV size: Why 12 bytes?

When using AES-GCM, a 96-bit IV is generally recommended. Most implementations I've seen also use 96-bit. However, I'm unsure on where this recommendation or convention comes from. Let's assume a shorter IV is bad. Assuming all other constraints for…
Hendrikvh
44
votes
2 answers

What's the fundamental difference between Diffie-Hellman and RSA?

What is the difference in the purpose of DH and RSA? Aren't they both public-key encryption?
user541686
44
votes
5 answers

What is the SSL private key file format?

I was researching about how to encrypt with RSA. I understood everything but not the format of the private keys. In the phpseclib (RSA in PHP), you can import your private key (private.key format) and in the key file there is text like…
tor
44
votes
1 answer

Can I remove newlines in a public key?

Can I remove new lines from the RSA public key file to get a one line string? So the question is if the key looks like this AAA BBB CCC or AAA\n\rBBB\n\rCCC\n\r is this the same as AAABBBCCC
xpepermint
44
votes
6 answers

Does RSA work for any message M?

I decided to read the original RSA paper A Method for Obtaining Digital Signatures and Public-Key Cryptosystem because of a question I had about RSA (which is not the question I'm about to ask, but may be a question on here at some time) and came…
mikeazo