Most Popular

1500 questions
43
votes
6 answers

Is Convergent Encryption really secure?

Recently a company called Bitcasa demonstrated a product of cloud storage. They indicated that they would use "Convergent Encryption" to secure your data and de-duplicate, essentially one copy of the same file between users. From what I can read on…
Justin King
43
votes
4 answers

Basic explanation of Elliptic Curve Cryptography?

I have been studying Elliptic Curve Cryptography as part of a course based on the book Cryptography and Network Security. The text for provides an excellent theoretical definition of the algorithm but I'm having a hard time understanding all of the…
user5507
43
votes
4 answers

Cryptography algorithms that take longer to solve on a GPU than a CPU

I know that graphics cards are faster at solving algorithms like SHA-256 because of the many built-in processors, but are there algorithms that actually take longer on a graphics card than on a modern consumer CPU (AMD/Intel)?
user51749
43
votes
2 answers

What is entropy?

We discuss a lot of topics and use measures of entropy to determine how difficult it is for an attacker to be successful. What does entropy mean in the context of cryptography? How is entropy calculated in the general case?
this.josh
43
votes
1 answer

Ciphertext and tag size and IV transmission with AES in GCM mode

I am completely new to using AES in GCM mode of operation, and I have not a very large background in cryptography as well. I have been playing with OpenSSL trying to encrypt and decrypt some messages. From my simple experiments rise the following…
Matteo Monti
43
votes
2 answers

How does recovering the public key from an ECDSA signature work?

Is it possible to recover the public key from ECDSA signature values $(r,s)$? Please explain how this works.
Jan Moritz
43
votes
2 answers

Is AES-128 quantum safe?

I've been reading lately some contradicting messages with regards to the quantum-safe resistance of AES128. First, there are blog posts by Ericsson people like these ones: Can quantum attackers break AES-128? No. NIST estimates that a quantum…
Jimakos
42
votes
12 answers

Is it possible to create a "digital seal" to tell if a document has been opened?

So, in real life we have a handful of ways to leave a physical mark on a packet to know if it has been opened without authorization (e.g., you can use 'opened' security tapes, or you can put a signature or stamp right through the envelope opening). One…
Jaime Silva
42
votes
12 answers

Differences between industrial and military cryptography

Industrial and military cryptography should follow the same basic rules, but what does make them different is: higher key length, protocols unknown to the civilian world, and perhaps unique methods of transferring media. Are there other…
R1w
42
votes
3 answers

Why does nobody use (or break) the Camellia Cipher?

If Camellia is of equivalent security and speed to AES, concerns arise. First of all, assuming the above, why is Camellia so rarely used in practice? Why aren't there any breaks in Camellia? Does that mean that Camellia is currently more secure than…
Chris Smith
42
votes
6 answers

How to check that you got the right key when brute forcing an encryption?

How do you know when you have the right key when brute-forcing? Let's say that they test the right key. They then have to check that the decrypted text makes sense. To do so, they can test whether there is a word in the dictionary. But then let's…
ChiseledAbs
42
votes
4 answers

Purpose of outer key in HMAC

From what I know, the HMAC construction has two strengths: It's resistant to length extensions. Since the key is consumed before the message, the attacker does not know the initial state, preventing simple collision attacks. But the simple…
CodesInChaos
42
votes
4 answers

Best way to reduce chance of hash collisions: Multiple hashes, or larger hash?

I would like to maintain a list of unique data blocks (up to 1MiB in size), using the SHA-256 hash of the block as the key in the index. Obviously there is a chance of hash collisions, so what is the best way of reducing that risk? If I also…
Theodor Kleynhans
41
votes
4 answers

How can hashes be unique if they are limited in number?

I'm curious, how can for example SHA-256 be unique if there are only a limited number of them?! For clarification: how many MD5 hashes are there? $16^{32}$ MD5 hashes can be produced. $16^{64}$ SHA-256 hashes can be produced. while there are…
M D P
41
votes
6 answers

What does it mean for a random number generator to be cryptographically secure?

I've never heard a good answer. I'd like to hear details about: What are the criteria that make an RNG cryptographically secure? Why must your RNG be cryptographically secure? I.e., what are the consequences if it is not? Examples of secure and…
agotsis