Most Popular
1500 questions
41 votes, 2 answers
Why do we use encrypt-decrypt-encrypt (EDE) in 3DES, rather than encrypting three times?
I'm wondering why we use the encrypt-decrypt-encrypt (EDE) sequence in 3DES (also known as DES-EDE, TDES or TDEA) with three keys instead of three times encryption (EEE) with three different keys?
alaamub
41 votes, 1 answer
What is Attribute Based Encryption?
Can someone explain what attribute based encryption is?
I was searching for a book or something that can help me in this regard but so far I have found none. Google also returns practically nothing aside from the papers.
Mark
41 votes, 3 answers
How is the MD2 hash function S-table constructed from Pi?
For fun, I'm learning more about cryptography and hashing. I'm implementing the MD2 hash function following RFC 1319 (https://www.rfc-editor.org/rfc/rfc1319). I'll preface by saying I know there are libraries, I know this is an old hash, and I do…
Keith
40 votes, 1 answer
RIPEMD versus SHA-x, what are the main pros and cons?
RIPEMD is a family of cryptographic hash functions, meaning it competes for roughly the same uses as MD5, SHA-1 & SHA-256 do. The Wikipedia page for RIPEMD seems to have some nice things to say about it:
"designed in the open academic…
user950
40 votes, 9 answers
What's the truth about this "absolutely unbreakable" cipher?
A story appeared on Forbes today claiming that we now have an absolutely unbreakable cipher. It cites a paper published in Nature Communications. However, I'm skeptical:
But what if there were a method of enabling data to be sent using an…
Joseph Sible-Reinstate Monica
40 votes, 1 answer
Why do the elliptic curves recommended by NIST use 521 bits rather than 512?
Wikipedia says in reference to the elliptic curves officially recommended by NIST in FIPS 186-3:
Five prime fields for certain primes p of sizes 192, 224, 256, 384, and 521 bits. For each of the prime fields, one elliptic curve is recommended.
The…
Zack Elan
40 votes, 1 answer
ECDSA, EdDSA and ed25519 relationship / compatibility
I'm trying to understand the relationship between those three signature schemes (ECDSA, EdDSA, and ed25519) and mainly to what degree they are mutually compatible in the sense of key-pair derivation, signing, and signature verification. But I was…
Rafael Korbas
40 votes, 1 answer
What is “Fast Prime”?
In this note, the manufacturer of an RSA key generation gizmo vulnerable to the new ROCA attack (see second section) explains that
it is common practice to employ acceleration algorithms in order to generate key pairs, especially if time resources…
fgrieu
40 votes, 2 answers
How does hashing twice protect against birthday attacks?
The bitcoin wiki says:
Bitcoin is using two hash iterations (denoted SHA256^2 ie "SHA256 function squared") and the reason for this relates to a partial attack on the smaller but related SHA1 hash. SHA1's resistance to birthday attacks has been…
4nt
40 votes, 3 answers
Why is CBC with predictable IV considered insecure against chosen-plaintext attack?
I just learned that using CBC encryption with an IV which is predictable is not secure.
From what I understand, using certain plain texts, and then guessing the IV that it uses, the attacker can verify if the IV he guessed was right. How does this…
asudhak
40 votes, 2 answers
How does order-preserving encryption work?
Order-preserving encryption (OPE) is, apparently, a method of encrypting data so that it's possible to make efficient inequality comparisons on the encrypted items without decrypting them.
I've been coming across this term in various places…
Ilmari Karonen
39 votes, 3 answers
Why was AES CBC removed in TLS 1.3?
I don't quite understand why AES CBC was removed in TLS1.3.
From what I know CBC is the most secure Mode of operation for the AES block cipher (if you can say it like that).
It only needs a TRND IV and has not been broken. If you pair it with a…
Richard R. Matthews
39 votes, 2 answers
HMAC vs ECDSA for JWT
I will be implementing JSON web tokens into my website and have a question about implementing them. I have a choice of using two algorithms, HMAC-SHA256 and ECDSA-SHA256. I have used HMAC-SHA256 in the past for JWT, but now I noticed ECDSA is being…
user2924127
39 votes, 4 answers
What is the recommended replacement for MD5?
Since MD5 is broken for purposes of security, what hash should I be using now for secure applications?
grieve
39 votes, 2 answers
Why is HMAC-SHA1 still considered secure?
This Q & A https://security.stackexchange.com/questions/33123/hotp-with-as-hmac-hashing-algoritme-a-hash-from-the-sha-2-family
says that the security of HMAC-SHA1 does not depend on resistance to collisions? Are they saying specifically with…
user93353