Most Popular

1500 questions
11 votes, 1 answer

Which MACs can be converted into a secure unkeyed hash function?

It is known that setting the secret key to a fixed, public value does not make MACs like CBC-MAC or GMAC into secure unkeyed cryptographic hash functions that could be used - for instance - for digital signatures. In other words, the resulting hash…
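Added worked example (not part of the question above): why fixing the key of CBC-MAC does not give a collision-resistant hash. With the key public, the block cipher E is just a public permutation, and a two-block CBC-MAC is E(E(m1) XOR m2), so a second preimage is a single XOR. The 8-byte Feistel cipher below is an assumed stand-in for AES so that the code runs on the standard library alone; the attack uses nothing but the fact that E is a public permutation, so it carries over to AES-CBC-MAC unchanged.

```python
import hashlib

BLOCK = 8  # toy cipher block size in bytes (AES would use 16)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher: MD5 over (key, round, half), truncated.
    return hashlib.md5(key + bytes([r]) + half).digest()[: BLOCK // 2]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation on 8-byte blocks (assumed stand-in for AES).
    Any Feistel network is a permutation, which is all the attack below needs."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for r in range(4):
        left, right = right, xor(left, _round(key, r, right))
    return left + right


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Raw CBC-MAC: zero IV, no padding, tag = last ciphertext block.
    msg must be a whole number of blocks."""
    assert len(msg) % BLOCK == 0
    x = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        x = toy_encrypt(key, xor(x, msg[i : i + BLOCK]))
    return x


def collide(public_key: bytes, m1: bytes, m2: bytes, m1_prime: bytes) -> bytes:
    """Given the (public) key and a 2-block message m1||m2, return a different
    2-block message with the same CBC-MAC. Since tag = E(E(m1) ^ m2), any m1'
    works once m2' is chosen so that E(m1') ^ m2' == E(m1) ^ m2."""
    m2_prime = xor(m2, xor(toy_encrypt(public_key, m1), toy_encrypt(public_key, m1_prime)))
    return m1_prime + m2_prime


def demo():
    key = b"\x00" * 16                     # the "fixed, public value" of the question
    m1, m2 = b"block-01", b"block-02"      # constructed sample message
    forged = collide(key, m1, m2, b"other-01")
    return cbc_mac(key, m1 + m2), cbc_mac(key, forged), forged


if __name__ == "__main__":
    t1, t2, forged = demo()
    print("original tag:", t1.hex())
    print("forged tag:  ", t2.hex(), "for message", forged)
```

The forged message differs in both blocks yet carries the same tag; a hash built this way fails second-preimage resistance, never mind collision resistance.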
11 votes, 1 answer

Is quantum key distribution safe against MITM attacks too?

I read this recently: http://www.newscientist.com/article/dn12786-quantum-cryptography-to-protect-swiss-election.html and some parts of this: http://en.wikipedia.org/wiki/Quantum_key_distribution. They talk about direct fibre optic cable and…
H M • 283 • 3 • 8
11 votes, 1 answer

CPA-security of a pseudorandom permutation encryption scheme

Let $F$ be a pseudorandom permutation, and define a fixed-length encryption scheme $(Gen, Enc, Dec)$ as follows: on input $m \in \{0,1\}^{n/2}$ and key $k \in \{0,1\}^n$, algorithm $Enc$ chooses a random string $r \leftarrow \{0,1\}^{n/2}$…
pa5h1nh0 • 521 • 7 • 17
11 votes, 1 answer

Are there any practical attacks that create a printable chosen prefix MD5 collision?

I would like to create two ASCII text messages with the same MD5. Is this possible? If not, is there a similar but less strict attack that could work? Or to rephrase my last question: what are the minimum prerequisites for the message…
user25418 • 111 • 3
11 votes, 1 answer

Secure content-defined chunking

Intro For deduplication purposes, I need to split a stream of plaintext bytes into variable-sized chunks. The way this is traditionally done is using a rolling hash function defined over some window $w$ (e.g. 48 bytes). This window "slides" along…
Paya • 189 • 10
11 votes, 5 answers

Is One Time Pad considered Chosen-Plaintext Attack Secure?

If we're considering Chosen-Plaintext Attack setting, then the adversary has access to the Encryption Oracle right, and we know that OTP is only considered secure if we use the key only once. How would we ensure that the adversary uses the key only…
Gordon • 487 • 5 • 18
11 votes, 2 answers

Is HMAC-MD5 still secure for commitment or other common uses?

MD5 collisions have been out for some time. In spite of this, HMAC-MD5 is still secure for authenticating data [1]. This illustrates a strength of the HMAC construction, it does not require that the hash function be (weakly) collision…
mikeazo • 38,563 • 8 • 112 • 180
11 votes, 2 answers

Why use randomness in digital signature algorithms?

I understand why randomness has to be employed in encryption, because deterministic ciphers are not IND-CPA. I don't understand why digital signature schemes that employ randomness, like RSA-PSS, are any better than purely deterministic ones like…
wlad • 1,239 • 1 • 13 • 24
11 votes, 1 answer

The difference between MAC algorithms and what to use

I've been looking into message authentication codes and found several ways to create integrity for a message. I know of the following algorithms: HMAC, this can use any cryptographic hash function and a key; for an HMAC to be secure the underlying…
Vincent • 966 • 1 • 11 • 30
11 votes, 2 answers

AES GCM vs other encryption modes in embedded environment for network traffic

I'm doing a lot of research since I'm doing an internship for a company where I need to upgrade their security level. Their own protocol needs a cryptographic upgrade and I'm leaning towards AES since it is well known (also good from a sales…
Vincent • 966 • 1 • 11 • 30
11 votes, 4 answers

What is the largest performed/possible bruteforce attack to date?

I've read that cracking a 128-bit key is currently out of reach of all humanity. However, I can't seem to find any information on what scope of brute force attacks have been performed or are possible at the current time. Can someone provide some…
ThePiachu • 1,679 • 2 • 18 • 25
11 votes, 1 answer

Change in probability of collision when removing digits from MD5 hexadecimal hash values

I am aware that MD5 has a known collision vulnerability and should not be relied upon when uniqueness is required, but in the environment I am working on I only have access to the MD5 hash function. Background detail below, but in general how much and…
Lukman • 1,387 • 1 • 12 • 10
11 votes, 2 answers

Evaluating Algebraic Complexity of a S-box

While studying the design and the desirable properties of an AES S-box, I came to know that Algebraic Complexity is also an important property of an S-box which is usually considered while evaluating the properties of an S-box. After reading…
m2n • 111 • 5
11 votes, 1 answer

What are the methods to construct a primitive binary nonlinear feedback shift register (NLFSR)?

Given a binary shift register of $n$ bits, a primitive binary nonlinear feedback shift register will generate a sequence with a period of $2^n - 1$. While I am unable to find a paper which directly describes the methods, the paper A List of Maximum…
Bluemilk • 211 • 1 • 3
11 votes, 1 answer

PBKDF vs HKDF for pretty long key

I'm developing a messenger application with encrypted chats. In the first version of the app I've used PBKDF2 (10000 iterations, SHA1, random salt) to extend a short user password and generate keys to encrypt (AES256) and sign message (HMAC). In…
alexeylang • 113 • 1 • 5