Most Popular

53 votes, 6 answers

Who uses Dual_EC_DRBG?

Recent news articles have suggested that the NSA may be involved in trying to influence the cryptography in public standards or commercially deployed software, to enable the NSA to decrypt the encrypted traffic. For example, see this article in the…
D.W.

52 votes, 7 answers

Google is using RC4, but isn't RC4 considered unsafe?

Why is Google using RC4 for their HTTPS/SSL?
$ openssl s_client -connect www.google.com:443 | grep "Cipher is"
New, TLSv1/SSLv3, Cipher is RC4-SHA
Isn't RC4 unsafe to use?
Jonas Lejon

52 votes, 3 answers

What is the difference between a HMAC and a hash of data?

On a recent question it became apparent that there's a significant difference between an HMAC of input data and a hash of input data. What exactly is the difference between an HMAC and a hash of a span of input data?
Naftuli Kay

52 votes, 2 answers

Why is SHA-1 considered broken?

Is there a known pair of distinct bit strings (A,B) such that SHA-1(A) == SHA-1(B)? If the answer is no, then how can SHA-1 be considered broken?
Andrew Tomazos

52 votes, 5 answers

How to find the modulus from an RSA public key?

I am studying the RSA cryptosystem. The public key consists of $(n, e)$, the modulus (product of two large primes), and the encryption exponent. I want to separate the modulus $n$ and exponent $e$. A typical public key is expressed in base64, and is…
user3001408

51 votes, 2 answers

Differences between the terms "pre-master secret", "master secret", "private key", and "shared secret"?

Both crypto.SE and security.SE have excellent Q&As about how TLS generates session keys (I have linked some at the bottom). In reading these threads I'm having trouble with terminology since the following terms seem to be used with overlapping…
Mike Ounsworth

51 votes, 1 answer

What are SNARKs?

What does it mean and what is it used for? I have been hearing this term a lot lately. From the context I've heard it talked about in, it seems to be connected with zero knowledge?
wi1

51 votes, 5 answers

Can one generalize the Diffie-Hellman key exchange to three or more parties?

Does anyone know how to do a Diffie-Hellman or ECDH key exchange with more than two parties? I know how to do a key exchange between 2 parties, but I need to be able to have a key agreement between 3 or more parties.
hobeau

50 votes, 8 answers

Is there a simple hash function that one can compute without a computer?

I am looking for a hash function that is computable by hand (in reasonable time). The function should be at least a little bit secure: There should be no trivial way to find a collision (by hand). For instance, a simple cross-sum is not meeting this…
FUZxxl

50 votes, 2 answers

AES CBC mode or AES CTR mode recommended?

What are the benefits and disadvantages of CBC vs. CTR mode? Which one is more secure?
mary

50 votes, 2 answers

AES-GCM recommended IV size: Why 12 bytes?

When using AES-GCM, a 96-bit IV is generally recommended. Most implementations I've seen also use 96-bit. However, I'm unsure where this recommendation or convention comes from. Let's assume a shorter IV is bad. Assuming all other constraints for…
Hendrikvh

50 votes, 3 answers

What are the benefits of the two permutation tables in DES?

Why do we use a permutation table in the first step of the DES algorithm and one at the end of the algorithm?
Am1rr3zA

50 votes, 2 answers

Second pre-image resistance vs Collision resistance

From Wikipedia: Second pre-image resistance: Given an input $m_1$ it should be difficult to find another input $m_2$ such that $m_1 \neq m_2$ and $\operatorname{hash}(m_1) = \operatorname{hash}(m_2)$. Functions that lack this property are…
ritch

49 votes, 1 answer

Why do all SSH-RSA Keys begin with "AAAAB3NzaC1yc"?

My friend and I have been generating a few SSH2 RSA keys and noticed all the public keys begin with AAAAB3NzaC1yc, with the similarity extending to AAAAB3NzaC1yc2EAAAABIwAAAQEA between two keys generated on the same machine in two successive…
Lord Loh.

49 votes, 1 answer

AES256-GCM - can someone explain how to use it securely (ruby)

I am looking into using AES256-GCM for encrypting some database fields. I know that for AES256-CBC, I need to generate a new IV for each encrypt, but I can use the same key. The IV can be openly stored alongside the ciphertext (i.e., it can be…