Most Popular

1500 questions
48
votes
4 answers

Security strength of RSA in relation with the modulus size

NIST SP 800-57 §5.6.1 p.62–64 specifies a correspondence between RSA modulus size $n$ and expected security strength $s$ in bits:

| Strength | RSA modulus size |
|---|---|
| 80 | 1024 |
| 112 | 2048 |
| 128 | 3072 |
| 192 | 7680 |
| 256 | 15360 |

This…
48
votes
2 answers

How is the Swiss post e-voting system supposed to work, and how was it wrong?

I read that the Swiss post had an e-voting solution developed, made it possible to obtain the source code for review, and that vulnerabilities were found. Apparently we are not talking about the inherent and well-known issues of e-voting: it can't…
fgrieu
48
votes
3 answers

Where and how to store private keys in web applications for private messaging with web browsers

I am working on a web application enabling users to communicate over private messages, which is just one part of the whole system. The main focus during my development process is to protect the privacy of my users; I think this should be one of the…
user34484
48
votes
3 answers

How does recovering the public key from an ECDSA signature work?

Is it possible to recover the public key from the ECDSA signature values $(r,s)$? Please explain how this works.
Jan Moritz
47
votes
2 answers

How to choose between AES-CCM and AES-GCM for storage volume encryption

We are using the encryption built into Solaris 11 ZFS, which offers the choice between CCM (CBC counter mode) and GCM (Galois counter mode). What are the pros and cons of choosing each of these cipher modes?
ruief
47
votes
7 answers

How can we reason about the cryptographic capabilities of code-breaking agencies like the NSA or GCHQ?

I have read in Applied Cryptography that the NSA is the largest hardware buyer and the largest mathematician employer in the world. How can we reason about the symmetric ciphers cryptanalysis capabilities of code-breaking agencies like the NSA or…
jokoon
47
votes
1 answer

Why use argon2i or argon2d if argon2id exists?

I am currently working on a project where I want to implement Argon2. The problem is that I don't really know a lot about it. Internet research is not really helpful, because Argon2 is only 2 years old so all that really exists are scientific papers…
Richard R. Matthews
47
votes
2 answers

What's the fundamental difference between Diffie-Hellman and RSA?

What is the difference in the purpose of DH and RSA? Aren't they both public-key encryption?
user541686
47
votes
2 answers

Is AES-128 quantum safe?

I've lately been reading some contradicting messages with regard to the quantum-safe resistance of AES128. First, there are blog posts by Ericsson people like these ones: Can quantum attackers break AES-128? No. NIST estimates that a quantum…
Jimakos
46
votes
5 answers

Is there a secure cryptosystem that can be performed mentally?

I, myself, do not plan on getting into a situation where I would be unable to use a computer in order to communicate securely. However, I can think of many practical situations in which mental cryptography would be useful. Is there a secure…
John Gietzen
46
votes
2 answers

What is the difference between SHA-3 and SHA-256?

I am new to cryptography. I learned that SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST. But I recently saw SHA-256 and I don't get what it is in comparison to SHA-3.
Ced
46
votes
3 answers

Is Triple DES still considered safe to use?

What it says on the tin. Is it still used in things like TLS?
Melab
46
votes
3 answers

What are the differences Between “White-Box Cryptography” and “Code Obfuscation”?

I have been reading the question "What is a white-box implementation of a cryptographic algorithm?" and it led to this short article / Q&A which states in question 2: Q2: What is the difference with code obfuscation? Related and complementary…
MByD
46
votes
2 answers

What is entropy?

We discuss a lot of topics and use measures of entropy to determine how difficult it is for an attacker to be successful. What does entropy mean in the context of cryptography? How is entropy calculated in the general case?
this.josh
46
votes
2 answers

What do the magic numbers 0x5c and 0x36 in the opad/ipad calc in HMAC do?

Wikipedia lists the following pseudocode for HMAC: function hmac (key, message) if (length(key) > blocksize) then key = hash(key) // keys longer than blocksize are shortened end if if (length(key) < blocksize) then //…
sneak