Most Popular

1500 questions
11 votes, 4 answers

One round of AES-128

Maybe it’s a silly question; I’m interested in the best known/chosen plaintext attack on only one round of AES-128. More specifically, what is the smallest number of known/chosen plaintext/ciphertext pairs which allow us to recover the key with high…
user79425
11 votes, 1 answer

Why do I need to store the salt for generated hashes?

I am new to crypto and authentication so have been doing reading around this and thought that I had a pretty good understanding of how this works. However when implementing my hashing using bcrypt.js I am once again confused. I thought that the…
Roaders
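Since the question turns on where the salt lives, here is an added illustration (not code from the post, its answers, or bcrypt.js): a parser for the layout of a stored bcrypt string, in which the 22-character salt sits right after the cost factor so that a verifier can read it back from the stored value, followed by the same store-and-verify pattern built on PBKDF2 from Python's standard library. The bcrypt-looking string, the `pbkdf2_sha256$iterations$salt$hash` record format and the function names are my own constructions for this example.

```python
import hashlib
import hmac
import re
import secrets

# Layout of a bcrypt hash string: "$2b$" cost "$" 22-char salt 31-char hash,
# salt and hash both in bcrypt's own base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(
    r"^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

# Constructed sample with the right shape; it is NOT the bcrypt output of any
# real password, it only exercises the parser.
EXAMPLE_BCRYPT = "$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"


def parse_bcrypt(stored: str) -> dict:
    """Split a bcrypt string into its fields. The salt is embedded in the
    string, which is why a compare() call never needs it as a separate input."""
    m = BCRYPT_RE.match(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    return {"version": version, "cost": int(cost), "salt": salt, "hash": digest}


# Same idea with a standard-library primitive (PBKDF2-HMAC-SHA256).
# Record format chosen for this example: algo$iterations$salt_hex$hash_hex
ITERATIONS = 600_000


def hash_password(password: str, salt=None, iterations: int = ITERATIONS) -> str:
    """Derive a hash under a fresh random salt and store the salt beside it."""
    if salt is None:
        salt = secrets.token_bytes(16)      # new salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Read the salt and work factor back out of the stored record, re-derive,
    and compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    print(parse_bcrypt(EXAMPLE_BCRYPT))
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```

The salt is not a secret: it is stored in the clear next to the hash. Its job is to make each stored hash unique so that a precomputed table cannot be reused across accounts, and the work factor is what makes guessing expensive.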
11 votes, 2 answers

Meaning of the term "Key Material"

I am reading specifications from my client that focuses on the topic of security. In these specs, the term key material has appeared many times. I used Google to look for what the term means. Unfortunately few posts explain what it means. What is…
mac.ma
11 votes, 2 answers

In textbook RSA with low public exponent, how big does a random message need to be?

Assume RSA with a public modulus $N$ of $n$ bits, a small odd public exponent $e$, plaintext $M$ a random non-negative integer less than $2^m$ for some integer parameter $m$, with $M\mapsto C=M^e\bmod N$ (textbook RSA) used for encryption. Inasmuch…
fgrieu
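As an added illustration of the bound the question is about (this is not code from the post or its answers): when $e\cdot m \le n-1$, $M^e < 2^{n-1} \le N$, so the modular reduction never happens, $C$ is the plain integer $M^e$, and an integer $e$-th root of the public ciphertext recovers $M$. The toy modulus below is constructed from two Mersenne primes with publicly known factors, chosen only so the numbers are deterministic; it is useless as a real key.

```python
import secrets


def iroot(x: int, e: int) -> int:
    """Floor of the integer e-th root of x >= 0, by binary search."""
    if x < 2:
        return x
    lo, hi = 0, 1 << (x.bit_length() // e + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** e <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def textbook_encrypt(m: int, e: int, n: int) -> int:
    """Textbook RSA: C = M^e mod N, no padding."""
    return pow(m, e, n)


def recover_small_message(c: int, e: int):
    """If M^e never wrapped around N, C is the integer M^e and an e-th root
    recovers M from public data alone. Returns None when C is not a perfect
    e-th power, i.e. when this trivial attack does not apply."""
    r = iroot(c, e)
    return r if r ** e == c else None


def wrap_free_bits(n_bits: int, e: int) -> int:
    """Largest m such that every M < 2^m satisfies M^e < 2^(n-1) <= N."""
    return (n_bits - 1) // e


# Constructed toy modulus: (2^127 - 1) * (2^107 - 1), both Mersenne primes.
# Factors are public, so this is insecure; it only serves to show the bound.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q          # 234-bit modulus
E = 3


def demo(m_bits: int, n: int = N, e: int = E) -> bool:
    """Encrypt a random m_bits-bit message and report whether the root
    attack recovers it."""
    m = secrets.randbits(m_bits)
    return recover_small_message(textbook_encrypt(m, e, n), e) == m


if __name__ == "__main__":
    print("bits guaranteed wrap-free:", wrap_free_bits(N.bit_length(), E))  # 77
    print("70-bit message recovered:", demo(70))    # True
    print("100-bit message recovered:", demo(100))  # False except with negligible probability
```

Clearing the wrap-free bound only rules out this one-line attack; a message slightly above it whose other bits are known or structured is still exposed to Coppersmith-style small-root attacks with small $e$, which is why deployments use randomized padding rather than relying on message size.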
11 votes, 1 answer

Correct way to map random number to defined range?

Say that we have a secure random number generation that outputs 32 bit random numbers, so its output is a true random number between 0 and a MAX. What is the best way to map this random number to a defined range (say I want something random between…
AndroidSec
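An added worked example for the mapping problem above (my own code, not from the post or its answers): taking `r % k` on a 32-bit output is biased whenever `k` does not divide 2^32, because the first `2^32 mod k` residues receive one extra pre-image. The fix shown is rejection sampling: discard draws at or above the largest multiple of `k` that fits, then reduce. An exhaustive count over an 8-bit generator makes the bias visible; the 32-bit case has the same shape with a much smaller ratio. `secrets.randbits` stands in for the question's generator and is an assumption of the example.

```python
import secrets


def modulo_counts(bits: int, k: int) -> list:
    """Exhaustively count how many bits-wide outputs land on each value of
    r % k. Unless k divides 2**bits, the first (2**bits % k) outputs get one
    extra hit: that is the modulo bias."""
    counts = [0] * k
    for r in range(1 << bits):
        counts[r % k] += 1
    return counts


def rejection_limit(bits: int, k: int) -> int:
    """Largest multiple of k that fits in bits; draws at or above it are
    rejected so the accepted ones split evenly into k classes."""
    return (1 << bits) - ((1 << bits) % k)


def rejection_counts(bits: int, k: int) -> list:
    """Same exhaustive count, restricted to accepted draws."""
    limit = rejection_limit(bits, k)
    counts = [0] * k
    for r in range(limit):
        counts[r % k] += 1
    return counts


def max_bias(bits: int, k: int) -> float:
    """Ratio between the most and the least likely output of r % k."""
    base = (1 << bits) // k
    return (base + 1) / base if (1 << bits) % k else 1.0


def random_below(k: int, bits: int = 32, draw=None) -> int:
    """Unbiased map from a bits-wide generator to range(k) by rejection.
    `draw` is any callable returning a uniform bits-wide integer; by default
    the OS CSPRNG via secrets.randbits (an assumption of this example)."""
    if draw is None:
        draw = lambda: secrets.randbits(bits)
    limit = rejection_limit(bits, k)
    while True:
        r = draw()
        if r < limit:
            return r % k


if __name__ == "__main__":
    print(modulo_counts(8, 100)[:60])        # 0..55 hit 3 times, 56..99 twice
    print(max_bias(8, 100), max_bias(32, 3))  # 1.5 and 1 + 2^-30-ish
    print(random_below(100))
```

The expected number of draws is `2^bits / limit`, which is below 2 for any `k <= 2^bits`; for `k` far below 2^32 it is essentially 1. Python's `secrets.randbelow` and most language CSPRNG APIs already implement this, so in practice one should call those rather than hand-roll the loop.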
11 votes, 1 answer

Minimizing exchanges for ZK proof of a message with given SHA-256

Consider the problem of proving knowledge of a message $m$ which has a certain public SHA-256 hash $h$, without disclosing $m$ or usable information about it, while minimizing the information exchange (across a bidirectional channel assumed to…
fgrieu
11 votes, 5 answers

Suppose I capture encrypted data that I want to decrypt. Could I use a server farm to decrypt?

For argument's sake, let's say that I'm a bad actor who produces malware. I've infected around 10,000 computers and smartphones with my malware, which runs in the background and can be used to make someone else's machine run calculations for…
11 votes, 2 answers

Advantages and disadvantages of hash-based signatures

We know hash-based signatures (Winternitz signature, HORS(T) signature) that are quantum-safe and efficient. They can be stateful or stateless, one-time or multiple-time. But why are they not widely used in practice? Or maybe they are, please tell…
Laura
11 votes, 7 answers

In search of a pedagogically simple example of asymmetric encryption routine?

(I am not a cryptography expert; I do write software) I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two…
Travis Griggs
11 votes, 3 answers

Accelerating SHA-1

I have a program where computing SHA-1 is the bottleneck. This is using OpenSSL 1.0.0e on a 2.6 GHz 16-core Opteron where I get about 325MiB/s throughput. (SHA1 here is via Andy Polyakov's x86-64 assembly implementation using SSSE3.) If I need to…
Fixee
11 votes, 4 answers

Should DES be avoided when developing new systems?

According to wikipedia… DES is now considered to be insecure for many applications However, since it can be broken relatively easily, should it not just be avoided for all applications?
Shiraz Bhaiji
11 votes, 1 answer

Are DSA and ECDSA provably secure assuming DL security?

Is there proof that the DSA construction, also used by ECDSA, is secure assuming that discrete logarithms in the relevant group representation are difficult?
Myria
11 votes, 3 answers

Smallest Guaranteed hash collision cycle length

If I take the sha-256 of an empty string, and apply the hash function $2^{256}!$ times, will I end up with the same hash that I started with? Is the smallest required cycle equal to the LCM of $1$ to $2^{256}$?
William
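An added experiment on the iteration question above (my own code, not from the post or its answers): iterating a hash traces a "rho": a tail of points visited once, then a cycle. You return to the start only if the start already lies on the cycle, and for a random function on $N$ points the tail and the cycle are each about $\sqrt{\pi N/8}$ long, with $\sqrt{\pi N/2}$ for the whole rho (Flajolet and Odlyzko), nowhere near the LCM of $1$ to $2^{256}$. Full SHA-256 cannot be walked, so the example truncates it to 20 bits, starting from the truncated hash of the empty string, and finds the tail and cycle lengths with Floyd's tortoise-and-hare in constant memory, cross-checked against a table walk.

```python
import hashlib
import math

BITS = 20   # truncate to 20 bits so the walk finishes in a moment


def trunc_sha256(x: int, bits: int = BITS) -> int:
    """SHA-256 of the 4-byte big-endian encoding of x, truncated to `bits`
    bits: a stand-in for the full function, whose rho is around 2^128 long."""
    h = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(h[:4], "big") >> (32 - bits)


# Starting point: the truncated hash of the empty string, as in the question.
START = int.from_bytes(hashlib.sha256(b"").digest()[:4], "big") >> (32 - BITS)


def iterate(f, x: int, times: int) -> int:
    for _ in range(times):
        x = f(x)
    return x


def floyd(f, x0: int):
    """Floyd's algorithm: returns (mu, lam), the tail length before the cycle
    and the cycle length, using O(1) memory."""
    tortoise, hare = f(x0), f(f(x0))
    while tortoise != hare:               # hare moves twice as fast
        tortoise, hare = f(tortoise), f(f(hare))
    mu, tortoise = 0, x0                  # first repeat: start of the cycle
    while tortoise != hare:
        tortoise, hare, mu = f(tortoise), f(hare), mu + 1
    lam, hare = 1, f(tortoise)            # walk once around the cycle
    while tortoise != hare:
        hare, lam = f(hare), lam + 1
    return mu, lam


def by_table(f, x0: int):
    """Cross-check: remember every visited point (O(mu + lam) memory)."""
    seen, x, i = {}, x0, 0
    while x not in seen:
        seen[x] = i
        x, i = f(x), i + 1
    return seen[x], i - seen[x]


def expected_rho(bits: int) -> float:
    """Mean tail + cycle length for a random function on 2**bits points."""
    return math.sqrt(math.pi * (1 << bits) / 2)


if __name__ == "__main__":
    mu, lam = floyd(trunc_sha256, START)
    print(f"tail {mu}, cycle {lam}, expected rho about {expected_rho(BITS):.0f}")
    print("start lies on the cycle:", mu == 0)
```

With a tail of nonzero length, no number of further iterations ever returns to the starting hash; the walk only ever revisits the cycle.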
11 votes, 2 answers

Measuring entropy for a ciphertext only attack

When bruteforcing a password (e.g. the common attacks on DES), where you have ciphertext only, you need a way to assess whether a decrypted plaintext is the right one. I believe the EFF DES machine does this by checking if the chars are printable. …
S. Robert James
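An added example of the plaintext-recognition step the question describes (my own code, not from the post or its answers): a candidate decryption is scored by whether its bytes are printable, by a byte-entropy estimate, and by how closely its letters match English frequencies, and the scoring is driven through a ciphertext-only brute force of a toy single-byte XOR "cipher" to show it picks out the right key. The ciphertext, the key and the frequency table are constructed for this example; nothing here is DES-specific, only the recognizer is the point.

```python
import math
from collections import Counter

# Approximate English letter frequencies in percent, plus a weight for space.
ENGLISH_FREQ = {
    'a': 8.2, 'b': 1.5, 'c': 2.8, 'd': 4.3, 'e': 12.7, 'f': 2.2, 'g': 2.0,
    'h': 6.1, 'i': 7.0, 'j': 0.15, 'k': 0.77, 'l': 4.0, 'm': 2.4, 'n': 6.7,
    'o': 7.5, 'p': 1.9, 'q': 0.095, 'r': 6.0, 's': 6.3, 't': 9.1, 'u': 2.8,
    'v': 0.98, 'w': 2.4, 'x': 0.15, 'y': 2.0, 'z': 0.074, ' ': 13.0,
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. English text sits around 4 to 5; random or still-encrypted
    data approaches 8 once the sample is long enough to fill the histogram."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_fraction(data: bytes) -> float:
    """The crude check the question mentions: share of printable ASCII bytes."""
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def english_score(data: bytes) -> float:
    """Higher is more English-like: frequency weight for letters and spaces,
    a heavy penalty for every non-printable byte, zero for other printables."""
    score = 0.0
    for b in data:
        ch = chr(b).lower()
        if ch in ENGLISH_FREQ:
            score += ENGLISH_FREQ[ch]
        elif not (32 <= b < 127):
            score -= 50.0
    return score


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def break_single_byte_xor(ct: bytes):
    """Ciphertext-only attack: try every key and keep the decryption that
    the recognizer rates most English-like. Returns (key, plaintext)."""
    best = max(range(256), key=lambda k: english_score(xor_bytes(ct, k)))
    return best, xor_bytes(ct, best)


# Constructed sample: an English sentence under a toy single-byte XOR cipher.
SAMPLE_KEY = 0x5A
SAMPLE_PT = b"the quick brown fox jumps over the lazy dog, again and again"
SAMPLE_CT = xor_bytes(SAMPLE_PT, SAMPLE_KEY)


if __name__ == "__main__":
    key, pt = break_single_byte_xor(SAMPLE_CT)
    print(hex(key), pt)
    print("entropy plaintext vs ciphertext:",
          round(shannon_entropy(SAMPLE_PT), 2), round(shannon_entropy(SAMPLE_CT), 2))
```

For a real DES-style search the recognizer has to be cheap and run on every trial decryption, which is why hardware crackers settle for a test as simple as "all bytes printable" on the first block and pass the rare survivors to a slower check such as the frequency score above.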
11 votes, 1 answer

Alice trusts Bob only when Bob trusts Alice

Some story first: Alice and Bob both have public/private key pairs. Now Bob wants Alice to sign his public key id. Alice agrees but only when Bob signs the public key id of her. Is this something that can be achieved? At the end, the signatures…
esskar