Most Popular
1500 questions
11
votes
3 answers
Initialize a PRNG with a password
Let's assume that we have a secure PRNG. Is it "safe" to initialize it with password, or seed based on a password like SHA256(password)?
If yes, is it "safe" to generate an RSA or DSA key from it?
The idea behind this is to initialize a PRNG with a…
esskar
- 373
- 1
- 11
11
votes
1 answer
How to salt PBKDF2, when generating both an AES key and a HMAC key for Encrypt then MAC?
When using Encrypt-then-MAC with AES and HMAC by password, and given 128 bits of payload with the ciphertext to store a random salt, which would be more secure:
Using PBKDF2 with the entire 128 bit random salt and generating 512 bits of derived…
jbtule
- 278
- 6
- 14
11
votes
2 answers
How many trials does it take to break HMAC-MD5?
I know that you can find collision in MD5 with $2^{64}$ trials using Birthday paradox. Now everyone is saying that HMAC-MD5 is significantly more secure. How can I quantify this security? My question is how many trials does it take to find a…
ladybug
- 213
- 2
- 5
11
votes
1 answer
Example Rainbow Table Generation
I have read up on rainbow tables and think I understand the idea behind them. However, I find that it would be better for me to actually attempt to implement a (very basic) rainbow table generator in order to get a proper feel to using rainbow…
calccrypto
- 536
- 1
- 8
- 25
11
votes
2 answers
Should I salt an AES password at each encryption?
I saw a sample code where the same password is salted with a different value (using PBKDF2) for each encryption. That means that the salt must be stored for each encrypted message.
I don't understand why they do that since AES is used here in CBC…
Benoit
- 113
- 1
- 1
- 6
11
votes
4 answers
Can I find the encryption key if I know the plain text and the encrypted text (DES and AES)?
If I have the plain text and its output after encryption with a key K1, is it algorithmically feasible to find K1?
I am specifically interested in the cases of DES and AES encryption algorithms.
Joezer
- 213
- 1
- 2
- 6
11
votes
2 answers
Can AES-GCM be broken if initialisation vector is known?
We are using AES encryption in GCM block mode in order to encrypt a number of different kinds of data at rest on a mobile device - Android.
The key used for encryption is stored in the protected key-store offered by Android so I am assuming that it is…
Suhas
- 253
- 3
- 10
11
votes
3 answers
How to evaluate chi squared result?
I've been recently working on a (supposedly) TRNG. I'm still at the beginning of the project, so it is certainly not cryptographically secure yet, for now I'm just playing around. In fact, I've already discussed the project and the chi square…
valerio_new
- 268
- 3
- 13
11
votes
3 answers
What is RSA-PSS and how is it different from a hash?
I can't find any usable resources about it online (at least ones that make sense to me right now), so any links to articles or if you could explain it to me would be greatly appreciated.
What I don't understand is what is PSS? I understand that RSA…
lougehrig10
- 123
- 1
- 1
- 5
11
votes
3 answers
Can one have an authentic, but repudiable, message without a previously shared secret?
Bob wants to send a message to Alice, such that Alice can be sure that the message came from Bob, but can't prove it to anyone else.
If I understand right, this means that the same message could have possibly also been constructed by Alice, but not…
Paŭlo Ebermann
- 22,656
- 7
- 79
- 117
11
votes
3 answers
Designing a hash function from first principles rather than depending on heuristics
Is there a general method to design a cryptographic hash function (with desired properties) from first principles? That is, is there a general process for constructing such functions? I get the impression that Merkle–Damgård construction simplifies…
wil3
- 213
- 2
- 7
11
votes
1 answer
AES timing attacks
I'm just interested in cryptography, so please don't expect me to be an expert. ;) I recently read about AES cache timing attacks and found it very interesting. I read the article Cache-timing attacks on AES by Daniel Bernstein, but I don't seem to…
cooky451
- 257
- 2
- 7
11
votes
2 answers
What is the relation between the existence of a cryptographic hash function and the existence of a PRG?
Does the existence of a PRF/PRG/one way function imply the existence of a hash function? I did not find a proof of the existence of a cryptographic hash function, so I want to know whether it is based on the same axiom (the PRG axiom)?
Blanco
- 1,622
- 1
- 10
- 20
11
votes
2 answers
Why are NaCl secret keys 64 bytes for signing, but 32 bytes for box?
Ed25519 secret and public keys can both be represented in 32 bytes. Why does NaCl use 64 byte signing keys?
knaccc
- 4,732
- 1
- 16
- 30
11
votes
3 answers
Relative merits of AES ECB and CBC modes for securing data at rest
I need to store several million Payment Card Numbers (PCNs) securely in a mainframe database (that is, 'at rest'). I assume that any attacker will have access to all of the stored data.
I assume the availability of a secure device that can:
Store a…
Brent.Longborough
- 335
- 2
- 8