Most Popular
1500 questions
12
votes
1 answer
Why can an elliptic curve private key be 1?
I often see in papers (e.g. this one) that for an elliptic curve with generator point $G$ and order $n$ the private key $d$ can take on any integer value in the range $[1, n)$. When $d = 1$ the corresponding public key $Q = dG$ is of course then…
puzzlepalace
- 4,082
- 1
- 22
- 45
12
votes
4 answers
Do I need to worry about timing attacks in Base64 encoding/decoding of private keys?
Do I need to worry about timing attacks in Base64 encoding/decoding of private keys? This is a common operation (ex. PEM keys) and is variable time in typical implementations.
Demi
- 4,853
- 1
- 22
- 40
12
votes
2 answers
What is the difference between PBE and symmetric key encryption?
What is the difference between PBE (password based encryption) and symmetric-key algorithms?
My understanding is that symmetric-key algorithms like AES and Twofish are used in PBE. Hence PBE is just a technique which employs symmetric-key…
Rahul Khimasia
- 223
- 1
- 3
- 8
12
votes
1 answer
On Linux, does /dev/random unblocking imply that /dev/urandom is seeded?
Linux has the familiar problem that /dev/random blocks too much (insisting on being information-theoretically secure), while /dev/urandom doesn't block enough (it will return data before it's been adequately seeded). The new getrandom() system call…
Daniel Franke
- 361
- 1
- 11
12
votes
1 answer
Why is x00 usually avoided in salt?
In .NET Framework, there is a cryptographic Random Number Generator (RNG) provider which enables one to generate a cryptographically strong sequence of random bytes. This provider contains, among others, two methods:
GetBytes which generates a sequence…
Arseni Mourzenko
- 223
- 1
- 6
12
votes
2 answers
Distribution of hash values
I was wondering if the uniform distribution of hash values is a generally required criterion for cryptographic hash functions.
The English Wikipedia article only mentions four main properties. But it looks like the commonly used algorithms show a…
masinger
- 463
- 4
- 9
12
votes
1 answer
How does the index of coincidence work in the Kasiski test?
I'm starting to learn about cryptanalysis and I am having a bit of difficulty understanding the Kasiski test's index of coincidence. I have a book (Cryptography Theory And Practice by Douglas Stinson) about it that I'm going through, but it seems to…
norman
- 121
- 1
- 1
- 3
12
votes
5 answers
Is an Android encrypted SD card readable/decryptable easily by a desktop machine?
If I encrypt my SD card on my Android phone using the built-in encryption software, and my phone dies for whatever reason, would I be able to easily, by just using the PIN/password, access that data later on my desktops [OS X, Windows and Linux]?
McGafter
- 253
- 1
- 2
- 9
12
votes
4 answers
Why should the RSA private exponent have the same size as the modulus?
Consider the generation of an RSA key pair with a given modulus size $n$ and a known, small public exponent $e$ (typically $e = 3$ or $e = 65537$). A common method is to generate two random prime numbers of size $n/2$ (or very close), and check at…
Gilles 'SO- stop being evil'
- 20,442
- 4
- 54
- 97
12
votes
3 answers
What is the difference between SHA-3 (Keccak) and previous generation SHA algorithms?
SHA-1 and SHA-2 share the same structure and mathematical operation as their predecessors - SHA-0 and MD5. Both SHA-0 and MD5 have been broken. This is one of the main reasons why SHA-1 is considered insecure and is being phased out for SHA-2.
NIST…
prakharjain
- 303
- 1
- 3
- 10
12
votes
3 answers
Are there reasonably secure online voting implementations e.g. for student council elections?
Assume a university wants to elect the student council. This was done via paper ballot and there is a need to reach more students for voting, so electronic voting is on the table.
While researching existing solutions I came across Helios: helios…
kei1aeh5quahQu4U
- 223
- 1
- 4
12
votes
1 answer
Hash function from narrower block cipher operated in CBC-encryption mode?
I am trying to build a public hash function (thus collision-resistant and preimage-resistant, and more generally behaving like a random oracle), with input a message $M$ of fixed size $|M|=m\cdot b$ bits, and output the hash $H(M)$ of fixed size…
fgrieu
- 149,326
- 13
- 324
- 622
12
votes
3 answers
AES Inverse Key Schedule
I have a 128-bit input-block and the corresponding cipher-block given.
Additionally I have the last round-key given.
Is it now possible to get (calculate) the associated cipher-key? I already implemented the normal key-schedule with the rcon to…
Tom
- 121
- 1
- 4
12
votes
0 answers
Why Is SIVP a Worst-Case Problem?
I just started to study lattice Cryptography.
I'm now studying worst-case to average-case reduction for SIS.
In a previous question, "worst means any and average means random".
And I wonder why the Shortest Independent Vectors Problem (SIVP) is the…
Jonghyun Kim
- 497
- 2
- 8
12
votes
2 answers
Is it possible to recover an RSA modulus from its signatures?
Let's say that you have some small number of RSA signatures of known data: you know some pairs $(m_k, c_k)$ such that ${c_k}^e \equiv m_k \pmod n$. If you know $e$, because probably it's one of $\{3, 17, 65537\}$, is it possible to recover $n$?
Myria
- 2,635
- 15
- 26