Most Popular

1500 questions
12 votes, 2 answers

Streaming API to authenticated encryption

In regards to NaCl, I asked DJB if he had any intent to add a streaming API to an authenticated cipher. His response was obvious in retrospect, that one should never release a decrypted plaintext before verifying the authenticator. However, this got me…
Stephen Touset
12 votes, 2 answers

Why is DES not an ideal cipher?

From Cryptography I on Coursera, Week 2, "Exhaustive Key Search Attacks": "Now let's assume that DES is what's called an ideal cipher [...] Of course, DES is not a collection of 2^56 random functions." Prof. Boneh doesn't offer any explanation of…
0x00
12 votes, 1 answer

What is the curve type of SECP256K1?

This is possibly a dumb question. I'm trying to input SECP256K1 curve parameters to a system that expects any custom curve. The form is asking for "curve type". It offers three options: Short Weierstrass, Twisted Edwards, Montgomery. What should I…
fernacolo
12 votes, 3 answers

Symmetric cipher key size vs number of rounds. Longer key = more secure cipher?

I would have questions related to discussion under this article. Bruce Schneier answered questions regarding key size vs number of rounds: Why do you need more rounds with longer keys? And how did you come up with these seemingly arbitrary numbers…
Jolinar
12 votes, 2 answers

Why did Histiaeus tattoo his slave's head?

The story is often told that Histiaeus tattooed a secret message on his slave's head, waited for his hair to grow back, then sent him off to Miletus. Why would he have done this? The story is usually cited as an early historical example of…
TypeIA
12 votes, 2 answers

Why does Signal repeatedly hash the secure passphrase?

Background: I'm working on creating a small program to extract my messages from Signal's newly-added (beta) encrypted backup feature. In the Signal codebase for their Android app, I noticed that instead of just hashing both the salt and passphrase…
Aster
12 votes, 2 answers

Why is SHA-3 a Sponge function?

A sponge function is supposed to be able to generate an arbitrary length of output. Yet, SHA3 (Bouncycastle) constrains me to choose an output length between 224, 256, 384, and 512. Evidently, these are not arbitrary lengths. How then is SHA3 a…
user56848
12 votes, 4 answers

Efficient hardware implementation of real-time asymmetric video encryption

I want to encrypt video directly at the source where it is being captured, e.g. inside a video camera. This way I can transmit the encrypted stream over WiFi securely. I could use AES on the chip inside the camera, but this would be open to an…
Ventures Joe
12 votes, 4 answers

Best way to hash two values into one?

I'm trying to hash two unique strings together to create a hash. The most obvious way would be simply to concatenate the two and run a hash function on it: hash = sha256(strA + strB) But I was wondering if this is how most people do it, and if…
Vlad
12 votes, 2 answers

What are the pros and cons of Pedersen commitments vs hash-based commitments?

Obviously, it's possible to create a commitment scheme comm(r, S) by using a hash function H and computing H(S||r). This scheme is secure under the assumption that H is collision and preimage resistant, which (IMO) is a lighter cryptographic…
Ian MathWiz
12 votes, 3 answers

Has any crypto hash function been proven to be surjective?

This answer claims that "it is not proven that all outputs of SHA-1 are possible." Has any crypto hash function been proven to produce all possible outputs (i.e., to be surjective over the codomain of all possible numbers $[0, 2^n]$, where $n$ is…
Geremia
12 votes, 2 answers

Why are NaCl secret keys 64 bytes for signing, but 32 bytes for box?

Ed25519 secret and public keys can both be represented in 32 bytes. Why does NaCl use 64 byte signing keys?
knaccc
12 votes, 4 answers

How does a client verify a server certificate?

As far as I know, when I request a certificate from Verisign (for example), and after they approved that I is me, they create a certificate (for me) that contains the digital signature and public key. The digital signature is data that was created…
Royi Namir
12 votes, 2 answers

Why is there the option to use NIST P-256 in GPG?

I am surely not an expert on the field, but I heard some people say that NIST P-256 somehow has backdoors. I don't know about the seriousness of this claim; maybe it's just a conspiracy theory. If there is some truth to the hearsay, why is NIST…
Richard R. Matthews
12 votes, 2 answers

Dice vs quantum random number generator

I recently championed quantum key distribution networks. This has led me to also question quantum random number generators. It appears that randomness is randomness, even if made by custom quantum hardware featuring lasers and photon genies. It…
Paul Uszak