Most Popular

1500 questions
11
votes
1 answer

(EC)DSA signature without hashing, or with offloaded hash?

In (EC)DSA as per FIPS 186-4, the message to sign is first hashed. Imagine that we skip this hashing stage, instead put the message where the hash was, and constrain the size of message $h$ to the original hash's output width $N$ bits. The resulting…
fgrieu
  • 140,762
  • 12
  • 307
  • 587
11
votes
1 answer

Which compression functions are PRFs?

In a 2006 paper Bellare showed that HMAC remains secure even if collision resistance for MD5/SHA-1 is broken as long as they are still PRFs. The Wikipedia article on cryptographic hash functions mentions that In practice, collision resistance is…
Elias
  • 4,903
  • 1
  • 14
  • 31
11
votes
2 answers

Different ways/algorithms for implementing AES

I have seen a couple of software implementations of the Advanced Encryption Standard. They are pretty much straightforward, i.e. they are implemented exactly the same way as the AES is described. This makes an implementation of AES very easy to…
jordi88
  • 111
  • 1
  • 3
11
votes
0 answers

How exactly does ASKE (Alpha Secure Key Establishment) in Zigbee work?

I am working on Zigbee security. For key establishment, some approaches are given in Zigbee. Some of them are: ASKE (Alpha Secure Key Establishment), ASAC (Alpha Secure Access Control), and SKKE (Symmetric Key Key Establishment). I tried to do my…
11
votes
1 answer

Why do crypto tools display key components in such an unusual format?

openssl x509 (v1.0.1f) displays public key moduli as arrays of hex-encoded bytes, 15 columns wide, starting with a leading 00:: Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) …
Dan Lenski
  • 335
  • 2
  • 10
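The layout the question describes is the content of the DER INTEGER that carries the modulus, dumped the way openssl's ASN1_bn_print does it: DER integers are two's complement, so a positive value whose top bit is set gets a 0x00 prefix byte (the "00:" at the start), and the dump prints 15 hex bytes per row separated by colons. The following is an added example, not code from the question or from OpenSSL; the two moduli it uses are constructed sample values, not real keys.

```python
"""The leading 00 and the 15-bytes-per-row, colon-separated layout that
openssl x509 -text uses for an RSA modulus.

Added example, not from the question or from OpenSSL's source. The two
moduli below are constructed sample values, not real keys.
"""

# Constructed 1024-bit sample with its top bit set (as a real 1024-bit RSA
# modulus always has) and a constructed 1023-bit one with the top bit clear.
SAMPLE_MODULUS = (1 << 1023) | (0xC0FFEE << 512) | 0x10001
SAMPLE_SMALLER = (1 << 1022) | 0x10001


def der_length(n: int) -> bytes:
    """DER length octets: one byte below 128, else 0x80|k followed by k bytes."""
    if n < 0x80:
        return bytes([n])
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(enc)]) + enc


def integer_body(value: int) -> bytes:
    """Content octets of a DER INTEGER for a non-negative value.

    DER integers are two's complement, so a value whose most significant bit
    is set gets a 0x00 prefix byte so it is not read as negative. That prefix
    is the "00:" openssl prints at the start of most moduli.
    """
    if value < 0:
        raise ValueError("negative values are not needed for this example")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return body


def der_integer(value: int) -> bytes:
    """Full TLV encoding: tag 0x02, length octets, content octets."""
    body = integer_body(value)
    return b"\x02" + der_length(len(body)) + body


def parse_der_integer(data: bytes) -> int:
    """Decode a DER INTEGER back to a Python int (signed, as DER defines it)."""
    if data[0] != 0x02:
        raise ValueError("not an INTEGER tag")
    if data[1] < 0x80:
        length, offset = data[1], 2
    else:
        k = data[1] & 0x7F
        length, offset = int.from_bytes(data[2:2 + k], "big"), 2 + k
    body = data[offset:offset + length]
    if len(body) != length:
        raise ValueError("truncated INTEGER")
    return int.from_bytes(body, "big", signed=True)


def openssl_style_dump(value: int, width: int = 15) -> list:
    """Render the content octets the way openssl's ASN1_bn_print does:
    hex bytes separated by ':', `width` per line, and a trailing ':' on
    every line except the last."""
    hexbytes = [f"{b:02x}" for b in integer_body(value)]
    lines = []
    for i in range(0, len(hexbytes), width):
        chunk = ":".join(hexbytes[i:i + width])
        if i + width < len(hexbytes):
            chunk += ":"
        lines.append(chunk)
    return lines


if __name__ == "__main__":
    for name, n in (("top bit set", SAMPLE_MODULUS), ("top bit clear", SAMPLE_SMALLER)):
        print(f"{name}: DER header {der_integer(n)[:4].hex()}")
        for line in openssl_style_dump(n):
            print("    " + line)
```

Running it shows the 1024-bit sample dumped as 129 bytes beginning "00:80:" while the 1023-bit sample begins "40:" with no prefix, which is why some keys show the leading 00 and others do not.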
11
votes
2 answers

Best password hashing strategy with Argon2 in a web app

What are reasonable parameters for Argon2 to hash passwords in a web application? On the one hand we need good performance, fast responses and DDoS resistance, but on the other hand we need protection from brute force on modern GPU, ASIC, FPGA etc.…
CaptainRR
  • 646
  • 5
  • 16
11
votes
5 answers

What is the purely mathematical definition of encryption strength?

An encryption function can be used to obfuscate pieces of information and later on retrieve them. What is the yardstick for measuring how well the function encrypts the information? Given any invertible function, which are the quantified parameters…
ARi
  • 235
  • 2
  • 7
11
votes
3 answers

Are these emerging threats against AES affecting your designs?

Recently, an attack on AES was discovered which reduces its computational complexity, by a very slight amount. The first key recovery attack on the full AES-128 with computational complexity $2^{126.1}$. The first key recovery attack on the…
Rook
  • 1,496
  • 1
  • 13
  • 22
11
votes
1 answer

What is a pseudo-collision attack?

In the context of cryptographic hash function collisions, what exactly is a pseudo-collision attack? E.g., pseudo-collisions are discussed here: Preimage and Pseudo-Collision Attacks on Step-Reduced SM3 Hash Function Converting Meet-in-the-Middle…
Arminius
  • 268
  • 3
  • 13
11
votes
3 answers

Usage difference between x86 RDRAND and RDSEED

Modern x86 CPUs often have the RDRAND and RDSEED instructions for hardware generation of random numbers. I just don't understand the difference between them. Intel has this document:…
Myria
  • 2,575
  • 13
  • 26
11
votes
1 answer

Can someone clarify two things about the HKDF by Krawczyk?

I got a question about the HKDF Scheme by Hugo Krawczyk. On the following link you can find a small explanation of the HKDF-Scheme and some short information. The HKDF specification itself has been published as RFC 5869. I got two questions about…
chris000r
  • 519
  • 3
  • 15
11
votes
2 answers

Why must an elliptic curve group for ECC have prime order?

What is the deeper reason that a group must have prime order for use in cryptography?
MichaelW
  • 1,497
  • 1
  • 11
  • 24
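One concrete reason is the small-subgroup attack, which only exists when the group order has small factors. The following added example (not code from the question or its answers) runs it on a toy curve: y^2 = x^3 + x + 1 over F_23, a textbook curve with 28 points, so its order is 4 * 7 rather than prime. Bob's secret and all other values are constructed for the demonstration.

```python
"""Why cryptographic groups are chosen with prime order: a small-subgroup
attack on a toy curve whose order is composite.

Added example, not from the question or its answers. The curve
y^2 = x^3 + x + 1 over F_23 is a textbook toy (28 points, and 28 = 4 * 7
is not prime); Bob's secret and every other value below is constructed.
"""
P_MOD, A, B = 23, 1, 1
INF = None  # the point at infinity, the group identity


def inv(x: int) -> int:
    return pow(x, P_MOD - 2, P_MOD)


def add(P, Q):
    """Affine point addition on y^2 = x^3 + A x + B over F_p."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # P == -Q, which also covers doubling a point with y == 0
    if P == Q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k: int, P):
    """Double-and-add scalar multiplication."""
    R = INF
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R


def all_points() -> list:
    """Brute-force enumeration; fine for p = 23, the point is the count."""
    pts = [INF]
    for x in range(P_MOD):
        for y in range(P_MOD):
            if (y * y - (x ** 3 + A * x + B)) % P_MOD == 0:
                pts.append((x, y))
    return pts


GROUP_ORDER = len(all_points())  # 28 for this curve


def prime_factors(n: int) -> list:
    out, f = [], 2
    while f * f <= n:
        if n % f == 0:
            out.append(f)
            while n % f == 0:
                n //= f
        f += 1
    if n > 1:
        out.append(n)
    return out


def point_of_prime_order(q: int):
    """For a prime q dividing N, (N/q) * P is either INF or has order exactly q,
    so the first non-INF result is a point of order q."""
    for P in all_points()[1:]:
        Q = mul(GROUP_ORDER // q, P)
        if Q is not INF:
            return Q
    raise ValueError(f"no point of order {q}")


def small_subgroup_attack(bob_secret: int) -> dict:
    """Unvalidated ECDH: the attacker hands Bob a point Q of small prime order q
    instead of a real public key. Bob's d * Q can take only q values, so
    comparing it with k * Q for k < q reveals d mod q."""
    leaked = {}
    for q in prime_factors(GROUP_ORDER):
        Q = point_of_prime_order(q)
        shared = mul(bob_secret, Q)  # what Bob computes and then, e.g., keys a MAC with
        for k in range(q):
            if mul(k, Q) == shared:
                leaked[q] = k
                break
    return leaked


def in_prime_subgroup(Q, n: int) -> bool:
    """The check a prime-order group makes unnecessary: Q != INF and n * Q == INF.
    In a group of prime order n every non-identity point passes, so there is
    no small subgroup for an attacker to push Bob into."""
    return Q is not INF and mul(n, Q) is INF


if __name__ == "__main__":
    d = 19  # constructed secret
    print("group order", GROUP_ORDER, "factors", prime_factors(GROUP_ORDER))
    print("leaked residues of d =", d, ":", small_subgroup_attack(d))
    print("order-2 point passes the order-7 subgroup check:",
          in_prime_subgroup(point_of_prime_order(2), 7))
```

With the order 28 the attacker learns d mod 2 and d mod 7, i.e. d mod 14, for the cost of 2 + 7 comparisons. If the group order N were prime, the only prime factor would be N itself, (N/q) * P would be P, and the same "attack" would be the full discrete logarithm; that is the reason standard curves specify a prime subgroup order n and implementations either use prime-order groups or check n * Q == O (or clear the cofactor) on received points.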
11
votes
2 answers

How to show that a one-way function proves that P ≠ NP?

According to this, the existence of a one-way function proves P ≠ NP. What is the proof of this? One way to show this is that if P = NP, then any function is easy to invert. P and NP are about decision problems though, not computation…
Christopher King
  • 819
  • 5
  • 19
11
votes
1 answer

Why does Skein use an output transform, but other similar hashes don't?

Skein uses an additional compression function call to finalize the output, even when the output isn't larger than the native output size. The Skein paper says: Due to Skein’s output transformation, it remains an open problem how to create…
CodesInChaos
  • 24,841
  • 2
  • 89
  • 128
11
votes
3 answers

Is there a signature scheme in which private keys can't be linked to their signatures?

Normally in a signature system, the private key can be used to derive the public key, and therefore verify any given signature signed by that private key. Can we create a system without this property? Namely, I'm looking for a signature scheme in…
Christopher King
  • 819
  • 5
  • 19