Highest Voted 'encryption' Questions - Cryptography Stack Exchange

429

votes

13 answers

Should we MAC-then-encrypt or encrypt-then-MAC?

Most of the time, when some data must be encrypted, it must also be protected with a MAC, because encryption protects only against passive attackers. There are some nifty encryption modes which include a MAC (EAX, GCM...) but let's assume that we…

asked Jul 19 '11 at 21:39

Thomas Pornin

88,324
16
246
315

193

votes

24 answers

Time Capsule cryptography?

Does there exist any cryptographic algorithm which encrypts data in such a way that it can only be decrypted after a certain period of time? The only idea that I can think of, is something like this: Seed a PRNG with a public value. Run the PRNG for…

encryption timed-release

asked Jun 22 '11 at 17:47

Jake

177

votes

2 answers

What is the main difference between a key, an IV and a nonce?

What are the main differences between a nonce, a key and an IV? Without any doubt the key should be kept secret. But what about the nonce and the IV? What's the main difference between them and their purposes? Is it only that, in literature and in…

keys initialization-vector encryption terminology

asked Oct 05 '12 at 08:20

curious

6,280
6
34
48

164

votes

10 answers

Why is writing your own encryption discouraged?

Say I want to write an encryption algorithm to communicate between me and my friend for this private use. How is that bad? E.g. I can take the word Hello and encrypt it with a simple algorithm – for example – take each letter and multiply its value…

encryption

asked Jan 25 '17 at 18:19

Pierte

1,547
2
10
4

154

votes

7 answers

Should we sign-then-encrypt, or encrypt-then-sign?

Frequently, we want to send messages that are (a) encrypted, so passive attackers can't discover the plaintext of the message, and (b) signed with a private-key digital signature, so active attackers can't make Alice think that a message came from…

encryption public-key signature protocol-design hash-signature

asked Nov 22 '12 at 16:55

David Cary

5,744
4
22
35

150

votes

5 answers

What is a cryptographic "salt"?

I'm a beginner to cryptography and looking to understand in very simple terms what a cryptographic "salt" is, when I might need to use it, and why I should or should not use it. Can I get a very simple and clear (beginner level) explanation? If you…

encryption hash passwords salt password-based-encryption

asked Jan 30 '12 at 14:01

Bhavik Ambani

1,631
2
15
12

104

votes

3 answers

If WhatsApp cannot read our message, how can the media forwarding happen in an instant?

WhatsApp says even the photos shared on its platform are end-to-end encrypted. When WhatsApp says encrypted I assume the data is encrypted in my device and then sent across to the recipient. When we are sending a photo for the first time we can see…

encryption

asked Apr 18 '18 at 06:13

0xAB1E

973
2
6
7

101

votes

1 answer

What is the difference between PKCS#5 padding and PKCS#7 padding

One runtime platform provides an API that supplies PKCS#5 padding for block cipher modes such as ECB and CBC. These modes have been defined for the triple DES, AES and Blowfish block ciphers. The other platform API only provides PKCS#7 padding. Are…

encryption aes block-cipher modes-of-operation padding

asked Jul 04 '13 at 21:18

Maarten Bodewes

96,351
14
169
323

92

votes

2 answers

What is the difference between CBC and GCM mode?

I am trying to learn more about GCM mode and how it differs from CBC. I already know that GCM provides a MAC, which is used for message authentication. From what I have read and from the code snippets I've seen, GCM does an exclusive-or much like…

encryption cbc modes-of-operation gcm

asked Apr 08 '12 at 23:20

Bob Bryan

1,283
2
10
11

92

votes

4 answers

What are the practical differences between 256-bit, 192-bit, and 128-bit AES encryption?

AES has several different variants: AES-128 AES-192 AES-256 But why would someone prefer use one over another?

encryption aes block-cipher key-size

asked Jul 12 '11 at 19:44

foobarfuzzbizz

3,256
3
24
25

91

votes

5 answers

Is AES-256 weaker than 192 and 128 bit versions?

From a paper via Schneier on Security's Another AES Attack (emphasis mine): In the case of AES-128, there is no known attack which is faster than the 2128 complexity of exhaustive search. However, AES-192 and AES-256 were recently shown to be…

encryption cryptanalysis aes

asked Oct 19 '12 at 22:02

quantumSoup

1,021
1
7
6

90

votes

10 answers

In end-to-end encryption, doesn't the server need to be trusted?

Applications like WhatsApp use end to end encryption. WhatsApp says that only the users share a specific key and no third party can view the messages. But I do not understand how the two users agree on the shared key. It must have been transferred…

encryption public-key key-exchange

asked Dec 19 '17 at 14:30

AV94

1,019
1
8
6

88

votes

5 answers

How secure is AES-256?

The cipher AES-256 is used among other places in SSL/TLS across the Internet. It's considered among the top ciphers. In theory it's not crackable since the combinations of keys are massive. Although NSA has categorized this in Suite B, they have…

encryption tls aes

asked Apr 01 '12 at 16:15

Gustav

1,085
1
9
7

86

votes

11 answers

Is modern encryption needlessly complicated?

RSA, DES, AES, etc., all use (relatively) complicated mathematics to encrypt some message with some key. For each of these methods, there have been several documented vulnerabilities found over the years. Some even believe that there is a…

encryption random-number-generator stream-cipher randomness one-time-pad

asked Sep 02 '11 at 03:16

Ozzah

977
1
7
6

83

votes

9 answers

Should I use ECB or CBC encryption mode for my block cipher?

Can someone tell me which mode out of ECB and CBC is better, and how to decide which mode to use? Are there any other modes which are better?

encryption block-cipher modes-of-operation cbc ecb

asked Jul 21 '11 at 13:19

midhunhk

1,151
2
13
19

Questions tagged [encryption]