Most Popular

1500 questions
11 votes, 3 answers

How to prove the security of block ciphers

I see very often proofs of security for asymmetric crypto algorithms, for instance, using reductions to known hard problems, or game-based proofs... In the field of protocols (like authentication) it happens too, for instance proofs using formal…
11 votes, 1 answer

Is every point on an elliptic curve of a prime order group a generator?

If the order of elliptic group is prime then every point is a generator of that group. I tested the above statement on some elliptic curves and found it true. Does that really work on all curves? Is there any lemma or theorem which states that?
Rashmi
11 votes, 2 answers

Is RC4 a problem for password-based authentication?

This is a follow-up question to Does TLS use RC4-drop[n]?. As mentioned in section 6 of RFC4345, there are weak distinguishers for RC4 keystreams available that even work for keystreams that originate from different keys, and regardless of the…
lxgr
11 votes, 1 answer

Non-iterative cryptographic hash functions

Consider the following cryptographic hash function $H$ which maps a message $m$ of variable size to $b$ bits: $$H:\{0,1\}^{*} \mapsto \{0,1\}^b$$ $$y = H(m) = SPRP(IV||m||padding)\mid_{b}$$ , where: $$SPRP:\{0,1\}^n \mapsto…
Ethan Heilman
11 votes, 3 answers

AES key reuse and guessing the key

Bit of a noob question and a fair bit of Googling didn't help. I understand that the current encryption standard is AES256. A few questions Is the point of this (and other encryption techniques) to reuse the same private key for multiple messages?…
user1936752
11 votes, 1 answer

What is Deterministic Authenticated Encryption?

I came across something known as deterministic authenticated encryption in my studies, and a lot of people were associating it with Synthetic IV mode. I am having trouble understanding what exactly DAE is because I thought that if something was…
winsticknova
11 votes, 3 answers

The internals of bcrypt

I'm attempting to get a better understanding of cryptography and have run into some questions about bcrypt. Bcrypt relies on the Blowfish cipher, which is a reversible method of encryption. But bcrypt is not reversible. How is that possible? Or am…
11 votes, 2 answers

How many possible Enigma machine settings?

I'm trying to calculate the number of settings the Enigma machine has. I have found several sites regarding this topic, but it seems like there are two answers to my question. The first answer is 158,962,555,217,826,360,000 and the second is…
Mephistopheles
11 votes, 2 answers

Example of a PRP that is not a strong PRP

The exact definition of security for a pseudorandom permutation is straightforward - for some encryption scheme $E\,\colon\,\mathcal{K}\times\mathcal{D}\rightarrow\mathcal{D}$, it must be the case that no efficient adversary can distinguish…
pg1989
11 votes, 2 answers

How does hash speed vary based on string length?

Surprisingly I have not been able to find an answer to this question on Google. If I have a function that is based on any of the popular hashing algorithms used for password generation, by what percentage/magnitude does the speed change when the…
NibblyPig
11 votes, 4 answers

Why was the Navajo code not broken by the Japanese in WWII?

In reading about this topic recently, to my understanding, the encryption schemes used on top of the Navajo language were very simple and definitely could have been broken (my research shows they mapped Navajo words to various different…
11 votes, 2 answers

Need for salt with IV

I have mainly referred to this question. Definitely in case of using a salt, IV has a use of adding randomisation to each and every key. But isn't it redundant in case of using an IV to use a salt? (Like in case of referring to PBE with AES in CBC…
Kaustubh
11 votes, 4 answers

What is the advantage of digital signatures over message authentication codes?

Studying for CISSP these choices seemed limited: What is the advantage of digital signatures over message authentication codes? Digital Signature provides integrity verification while message authentication code does not Digital Signature provides…
dannys1s1
11 votes, 1 answer

Could this "symmetric RSA" scheme provide key compromise resistant communications?

This question, and fkraiem's answer to it, made me wonder about the security and practicality of using "symmetric RSA" to provide a partially compromise-resistant secure channel. Specifically, assume that Alice and Bob wish to communicate securely…
Ilmari Karonen
11 votes, 1 answer

When/why is RSA (hybrid) encryption used rather than alternatives?

I've read that RSA is not meant for encrypting large plaintext because: (Are these also true for other public-key encryptions like ElGamal?) It is slow. Padding makes the ciphertext blocks much longer. No one uses RSA that way; so its security is…
Myath