Most Popular
1500 questions
36
votes
2 answers
Using the same secret key for encryption and authentication in an Encrypt-then-MAC scheme
Is it a weakness to use a single shared secret for protecting messages using an Encrypt-then-MAC scheme?
Assuming a system is using AES-256-CBC and a SHA1-HMAC and the same secret key for both operations. Upon intercepting one of these messages…
Rook
36
votes
1 answer
Is a hash a zero-knowledge proof?
I’m trying to wrap my head around zero knowledge proofs, but I’m having trouble understanding it.
In my current understanding, zero-knowledge proofs prove to the recipient that the sender has a certain knowledge without disclosing it. Like trying to…
vrwim
36
votes
2 answers
Largest integer factored by Shor's algorithm?
I'm studying Shor's quantum factoring algorithm. I was wondering what the largest integer is which they were able to factor with a small quantum computer. Does anybody have an idea about this?
Robbe Motmans
36
votes
5 answers
What security do Cryptographic Sponges offer against generic quantum attacks?
In the face of non-quantum attacker, Keccak[r=1088,c=512] with 512 bits of output provides:
Collision resistance up to $2^{256}$ operations
Preimage resistance up to $2^{256}$ operations
Second preimage resistance up to $2^{256}$ operations
In…
Nakedible
36
votes
1 answer
What exactly is a "garbled circuit"?
There are plenty of questions here about the details and how-to's of "garbled circuits", but I have not seen anything that defines what garbled circuits are.
What exactly is a garbled circuit? What are they intended to be used for? What are their…
Ella Rose
36
votes
2 answers
HMAC-SHA1 vs HMAC-SHA256
I have three questions:
Would you use HMAC-SHA1 or HMAC-SHA256 for message authentication?
How much HMAC-SHA256 is slower than HMAC-SHA1?
Are the security improvements of SHA256 (over SHA1) enough to justify its usage?
Mario
36
votes
4 answers
What is a Non-Interactive Zero Knowledge Proof?
I understand the concept of a Zero Knowledge Proof thanks to the easy to understand analogy of Alibaba's cave. However, this seems to require interaction between the verifier and the other party.
I have not found an explanation of non-interactive…
BBedit
36
votes
3 answers
Practical disadvantages of GCM mode encryption
It seems that GCM mode encryption has a clear advantage over CBC + HMAC in the sense that it only requires a single key. But it seems that there are some experts here that do not trust it enough to recommend it. This question is a call to those…
Maarten Bodewes
35
votes
10 answers
Encryption that purposefully takes hours to decrypt
My problem:
I want to block sites on my router.
I want to generate a new password for my router after blocking sites.
This new password I want to encrypt.
But to decrypt it, I want it to take 2 to 8 hours to decrypt.
Is there any solution that could…
Matt Rybin
35
votes
7 answers
Is Diffie-Hellman mathematically the same as RSA?
Is the Diffie-Hellman key exchange the same as RSA?
Diffie Hellman allows key exchange on an observed wire – but so can RSA.
Alice and Bob want to exchange a key – Big brother is watching everything.
Bob makes a fresh RSA key pair and sends his…
joe armstrong
35
votes
2 answers
How secure is SHA1? What are the chances of a real exploit?
I read that, in February 2017, a SHA1 collision was calculated for the first time. This, and earlier theoretical proof, means that SHA1 is officially cryptographically insecure. But, when using SHA1 in a protocol (SAML assertions in my case), both…
Rob van Laarhoven
35
votes
4 answers
Is there a standard, or widely accepted convention, for magic constants in crypto software?
Inspired by Magic "Nothing Up My Sleeve" Numbers - Computerphile - YouTube [5:31]. If you just need a constant to begin your algorithm, and the value of that constant isn't important, why not have a widely known convention to always use the digits…
Low Powah
35
votes
5 answers
Why is padding used for RSA encryption given that it is not a block cipher?
In AES we use some padded bytes at end of message to fit 128/256 byte blocks. But as RSA is not a block cipher why is padding used?
Can the message size be any byte length (is the encrypting agent free to choose) or must it be a certain byte…
mario
35
votes
3 answers
Why we can't implement AES 512 key size?
Out of curiosity why we can't implement AES 512 key size?
Please explain somehow I can understand! I'm not an expert.
hamedb71
35
votes
1 answer
Should I use the first or last bits from a SHA-256 hash?
I have the need for a hexadecimal token that is smaller than the normal length of the hexadecimal representation of a SHA-256 hash.
Should I take the first bits or the last bits? Which of them contain the most entropy?
Peter Smit