Most Popular

12
votes
1 answer

Sending KCV (key check value) with cipher text

I was wondering why it is not more common to send the KCV of a secret key together with the cipher text. I see many systems that send cipher text and properly prepend the IV to e.g. a CBC mode encryption. Wouldn't it be easier to prepend another…
Maarten Bodewes
12
votes
5 answers

Why do we need asymmetric algorithms for key exchange?

In SSL protocols, both symmetric and asymmetric algorithms are used. Why is it so? The symmetric algorithms are more secure and easier to implement. Why are asymmetric algorithms usually preferred in key exchange?
user5507
12
votes
2 answers

Can one implement AES on 4-bit microcontroller?

Is it possible to implement AES on a 4-bit microcontroller? As far as I know, AES on 8-bit microcontrollers is common, especially for lightweight applications such as RFID. I have yet to come across AES being employed on a 4-bit microcontroller,…
cLaRe
12
votes
3 answers

Associative standard cryptographic hash function

I am looking for a standard hash function which satisfies the following property: A hash function $H(a,b) = F(h(a),h(b))$ with $h$ (within $F$) any standard cryptographic hash function and $F$ an associative function. Is there any standard hash…
Mircea Ionica
12
votes
4 answers

Fast hashing into elliptic curve

Is there a fast algorithm for mapping $n$-bit numbers $s$ (for fixed $n$) into a cyclic subgroup of an elliptic curve (over a finite field) in which the Discrete Logarithm Problem is hard? By fast, I mean it takes about as long as a point addition…
jbms
12
votes
5 answers

Choose a random number that is different from a bunch of other secret numbers

I'm looking for an algorithm where n participants each have a different secret number between $[0..x]$ (and where $x$ is known) and where the participants then select randomly another, non-secret, number between $[0..x]$ which must not clash with…
12
votes
1 answer

Why does the PKCS1 RSA private key structure contain more than just exponent and modulus?

The ASN.1 spec for the PKCS1 RSA private key format is as follows: RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 …
user1449
12
votes
3 answers

How to prove identity without revealing identity

Let us say Alice publishes a book under the name of Claire. The book becomes wildly popular and now Bob comes along, claiming to be Claire, to reap all the success. How does Alice prove that she wrote the book (and Bob did not) as Claire without…
12
votes
2 answers

Generating Encryption Keys from Biometric Fingerprint Templates

How would one go about generating Encryption Keys from Biometric Fingerprint Templates extracted from a fingerprint using either Griaule SDK or DigitalPersona SDK or any other SDK that will return the fingerprint template in either ISO or ANSI…
Joseph
12
votes
3 answers

Is it possible to create an asymmetric cryptosystem where the private keys are not easily verifiable as such?

Plaintext that consists of an RSA key is easily recognizable as such, because it satisfies certain mathematical properties, in particular (See the answer for Why can an encrypted private key be brute forced?): $$d = e^{-1} \mod (p-1)(q-1).$$ Is it…
Ben Page
12
votes
3 answers

How vulnerable is the C rand() in public cryptography protocols?

I just learned about the basics of public cryptography a few weeks ago and I am curious as to why the C rand() function should not be used for crypto schemes. For example, say I want to generate a private key using the C rand() function, along with…
12
votes
1 answer

Block cipher and parity of permutation

Can anyone explain the following text passage to me? Most real-world block ciphers build even permutations, because it's hard to build odd ones using small operations (32 bit) on larger (128 bit) block size. I don't understand the connection…
RomeoAndJuliet
12
votes
1 answer

For a one-time pad, which MAC method is information-theoretically secure?

In the main post about MAC methods it mentions a few methods: Authenticate And Encrypt: The sender computes a MAC of the plaintext, encrypts the plaintext, and then appends the MAC to the ciphertext. Authenticate Then Encrypt: The sender…
12
votes
4 answers

Can I determine if a user has the wrong symmetric encryption key?

We're using the Objectivity/DB object database with a custom encryption plugin that encrypts serialized objects on disk. Encryption uses AES with a shared secret key held by all users. I would like to be able to provide some guidance to users if…
Barry Wark
12
votes
2 answers

How can I create an RSA modulus for which no one knows the factors?

It's easy to create an RSA modulus where almost no one knows the factors: for example, I can generate two 1024-bit primes $p$ and $q$ and set $n=pq$. If I publish $n$, I will be the only person in the world who knows, or can know, $p$ and $q$. …
Fixee