Most Popular

1500 questions
77 votes, 8 answers
How do I explain zero knowledge proof to my 7 year old cousin?
Nathan Aw

77 votes, 8 answers
Layman's explanation of encryption backdoors
In the media, I sometimes read about "backdoors" in encryption algorithms. I'd like to understand what such a backdoor actually consists of. Is it: a) a hidden weakness in the math formulas that can cause security to be broken by brute force in a…
forthrin

76 votes, 4 answers
How come public key cryptography wasn't discovered earlier?
I became interested in crypto lately and read about symmetric and public key crypto algorithms. I understand how crucial the discoveries of the 1970s like RSA, DES and DH were in advancing the technology. I just don't understand how public key…
pls no

75 votes, 1 answer
Easy explanation of "IND-" security notions?
There are many schemes that can advertise themselves with certain security notions, usually IND-CPA or IND-CCA2; for example, plain ElGamal has IND-CPA security but doesn't provide IND-CCA security. The most common ones are the "IND-" ones,…

74 votes, 3 answers
Signal vs Telegram in terms of protocols?
Some time ago, the question was asked in chat why MTProto (Telegram's protocol) is supposedly worse than Axolotl (Signal's protocol), as both protocols have been the inventions of their respective companies, thereby "rolling their own crypto", which…
SEJPM

72 votes, 4 answers
How can I use asymmetric encryption, such as RSA, to encrypt an arbitrary length of plaintext?
RSA is not designed to be used on long blocks of plaintext like a block cipher, but I need to use it to send a large (encrypted) message. How can I do this?
foobarfuzzbizz

71 votes, 3 answers
Why shouldn't I use ECB encryption?
I'm using Java to generate encrypted strings, and I get this warning at build time: "ECB encryption mode should not be used". So I'm wondering why I shouldn't use ECB and what I can use instead?
Rogue

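The failure the build warning is about can be shown without AES at all, because it is a property of the mode, not the cipher. The following is an added example (not code from the question or its answers): a toy 16-byte Feistel block cipher built from SHA-256 stands in for AES, and the same plaintext is encrypted in ECB and in CTR mode. The key, nonce and plaintext are constructed for the demo. Blocks that repeat in the plaintext repeat verbatim in the ECB ciphertext, which is the leak; CTR hides the repetition because every block is XORed with a different keystream block.

```python
import hashlib
import struct

BLOCK = 16
ROUNDS = 8


def _round(key, i, half):
    # Toy round function: keyed SHA-256 truncated to the 8-byte half. This is a
    # stand-in for a real block cipher (it is NOT AES); the mode behaviour is the point.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key, block):
    """8-round Feistel network over one 16-byte block."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def toy_decrypt_block(key, block):
    """Inverse of toy_encrypt_block: run the rounds backwards."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def ecb_encrypt(key, plaintext):
    """ECB: each block encrypted independently, so equal blocks give equal output."""
    assert len(plaintext) % BLOCK == 0
    return b"".join(toy_encrypt_block(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))


def ecb_decrypt(key, ciphertext):
    return b"".join(toy_decrypt_block(key, ciphertext[i:i + BLOCK])
                    for i in range(0, len(ciphertext), BLOCK))


def ctr_crypt(key, nonce, data):
    """CTR: keystream = E(nonce || counter); encryption and decryption are the same."""
    assert len(nonce) == 8
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        keystream = toy_encrypt_block(key, nonce + struct.pack(">Q", i // BLOCK))
        out += _xor(data[i:i + BLOCK], keystream)
    return bytes(out)


def repeated_blocks(ciphertext):
    """Number of 16-byte ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


# Constructed inputs for the demo.
KEY = b"constructed-toy-key"
NONCE = b"\x00\x01\x02\x03\x04\x05\x06\x07"
PLAINTEXT = b"ATTACK AT DAWN!!" * 4 + b"RETREAT AT DUSK!" + b"ATTACK AT DAWN!!" * 3


def demo():
    """Returns (repeats in ECB output, repeats in CTR output)."""
    return (repeated_blocks(ecb_encrypt(KEY, PLAINTEXT)),
            repeated_blocks(ctr_crypt(KEY, NONCE, PLAINTEXT)))


if __name__ == "__main__":
    print("repeated blocks, ECB vs CTR:", demo())
```

Of the eight plaintext blocks, seven are identical, so the ECB ciphertext shows six repeated blocks and an observer can read the message's structure without the key; the CTR ciphertext shows none. The usual replacement is an authenticated mode such as AES-GCM, which also covers the integrity problem that plain CTR leaves open.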
70 votes, 3 answers
Why Curve25519 for encryption but Ed25519 for signatures?
NaCl and libsodium libraries use Curve25519 for authenticated encryption (actually for sharing a key which is used for encryption) and Ed25519 for signatures. What is the purpose of using different primitives for these operations? Why just not to…
user10651

69 votes, 2 answers
Is truncating a SHA512 hash to the first 160 bits as secure as using SHA1?
I am from a web development background (I don't know an awful lot about cryptography or how the algorithms themselves work), so I am asking this question in simple terms. Consider a hash of the word 'test' using…
BadHorsie

68 votes, 4 answers
Why does the FBI ask Apple for help to decrypt an iPhone?
The current debate of the FBI trying to get Apple to assist in decrypting an iPhone made me wonder: Normally, upon turning on an iPhone, everything is decrypted using a 4-digit pin (or actually, a key that is derived from the PIN with a strong KDF,…
RocketNuts

64 votes, 5 answers
What's the appeal of using ChaCha20 instead of AES?
I read about ChaCha20 being used in TLS by Google, SSH, and towards standardization in general. What's the appeal of using something other than AES, what with AES receiving dedicated CPU instructions on various architectures to make it so efficient?
JDługosz

63 votes, 5 answers
Technical feasibility of decrypting https by replacing the computer's PRNG
Intel has an on-chip RdRand function which supposedly bypasses the normally used entropy pool for /dev/urandom and directly injects output. Now rumors are going on that Intel works together with the NSA... and knowing that PRNGs are important for…

63 votes, 6 answers
Why is AES resistant to known-plaintext attacks?
At least it's my understanding that AES isn't affected by known-plaintext. Is it immune to such an attack, or just resistant? Does this vary for chosen-plaintext?
Jeff Ferland

63 votes, 2 answers
Why is $H(k\mathbin\Vert x)$ not a secure MAC construction?
If $H(m)$ is a secure hash function, can't we implement a MAC using $H(k\mathbin\Vert m)$? However, it seems the more widely used MACs, such as NMAC and HMAC (both originally defined in Keying hash functions for message authentication) use a much…
Anne Nonimus

62 votes, 3 answers
Definition of textbook RSA
What is the definition of textbook or "raw" RSA? What are some of the properties of textbook RSA? How does it differ from other schemes based on RSA?
Bobby S

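Textbook RSA is the bare modular exponentiation $c = m^e \bmod n$, $m = c^d \bmod n$, with no padding, randomness or integrity check. The following is an added example (not code from the question or its answers) that exercises three properties this leaves you with: encryption is deterministic, ciphertexts are multiplicatively malleable ($c_1 c_2 \bmod n$ decrypts to $m_1 m_2 \bmod n$), and a decryption oracle that refuses one specific ciphertext can still be made to decrypt it by blinding. The primes are fixed Mersenne primes chosen so the run is reproducible; they, the modulus size and the messages are constructed for the demo and are far too small for real use.

```python
# Toy parameters (constructed): p = 2^61 - 1 and q = 2^31 - 1 are both prime, giving a
# ~92-bit modulus. Real keys are 2048 bits or more; the properties shown do not depend on size.
P = 2 ** 61 - 1
Q = 2 ** 31 - 1
E = 65537


def keygen(p=P, q=Q, e=E):
    """Textbook RSA key pair: public (n, e), private (n, d) with e*d = 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m):
    """Raw RSA: no padding, so the same m always yields the same c."""
    n, e = pub
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def is_deterministic(pub, m):
    return encrypt(pub, m) == encrypt(pub, m)


def multiply_ciphertexts(pub, c1, c2):
    """Malleability: (m1^e)(m2^e) = (m1 m2)^e mod n, so the product is a valid
    ciphertext of m1*m2 without knowing either plaintext or the private key."""
    n, _ = pub
    return (c1 * c2) % n


def blinding_attack(pub, target_c, oracle, r=12345):
    """Chosen-ciphertext attack: the oracle decrypts anything except target_c.
    Ask for r^e * target_c instead, then strip r from the answer."""
    n, e = pub
    blinded = (target_c * pow(r, e, n)) % n
    m_blinded = oracle(blinded)                 # = r * m mod n
    return (m_blinded * pow(r, -1, n)) % n


def demo():
    """Returns (deterministic, homomorphic product decrypts to m1*m2, blinding recovers m)."""
    pub, priv = keygen()
    n, _ = pub
    m1, m2 = 1000, 2024
    c1, c2 = encrypt(pub, m1), encrypt(pub, m2)
    homomorphic = decrypt(priv, multiply_ciphertexts(pub, c1, c2)) == (m1 * m2) % n

    secret_m = 314159
    secret_c = encrypt(pub, secret_m)

    def oracle(c):
        # Models a decryption service that refuses the one ciphertext the attacker wants.
        if c == secret_c:
            raise PermissionError("will not decrypt the target ciphertext")
        return decrypt(priv, c)

    recovered = blinding_attack(pub, secret_c, oracle)
    return is_deterministic(pub, m1), homomorphic, recovered == secret_m


if __name__ == "__main__":
    print("deterministic, malleable, blinding works:", demo())
```

Each of these properties is what a padding scheme is there to remove: RSA-OAEP randomizes encryption and makes a modified ciphertext decrypt to garbage with overwhelming probability, and RSA-PSS does the analogous job for signatures. "Textbook RSA" is the primitive those schemes are built on, not something to encrypt or sign with directly.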