Cryptography Stack Exchange
Cryptography Stack Exchange

Most Popular

more tags
1500 questions
46
votes
1 answer

What is a "freestart collision"?

In their work on SHA-1 collisions (cf. the EUROCRYPT-2016 paper “Freestart collision on full SHA-1” by Stevens, Karpman, and Peyrin) Stevens et al show that they are able to generate "freestart collisions" on SHA-1. They say: Even though freestart…
otus
  • 32,462
  • 5
  • 75
  • 167
46
votes
6 answers

Does RSA work for any message M?

I decided to read the original RSA paper A Method for Obtaining Digital Signatures and Public-Key Cryptosystem because of a question I had about RSA (which is not the question I'm about to ask, but may be a question on here at some time) and came…
mikeazo
  • 39,117
  • 9
  • 118
  • 183
45
votes
7 answers

For a hashing function like MD5, how similar can two plaintext strings be and still generate the same hash?

When I say similar, I'm referring to the Hamming distance, the Levenshtein distance, or a similar string distance metric that measures how similar or dissimilar two strings are. For instance, are there two plaintext strings with a Levenshtein…
John Ellmore
45
votes
4 answers

Cryptography algorithms that take longer to solve on a GPU than a CPU

I know that Graphics cards are faster at solving algorithms like SHA-256 because of the many builtin processors, but are there Algorithms that take actually longer on a Graphics card than on a modern consumer CPU (Amd/intel)?
user51749
  • 459
  • 1
  • 4
  • 3
44
votes
4 answers

Are cryptographic hash functions quantum secure?

I was reading a paper related to post quantum cryptography. It says that RSA, ECC and ElGamal encryption schemes would be obsolete with the advent of quantum computers. But the hash functions can still be secure. I don't understand how one can…
user38956
44
votes
1 answer

Ciphertext and tag size and IV transmission with AES in GCM mode

I am completely new to using AES in GCM mode of operation, and I have not a very large background in cryptography as well. I have been playing with OpenSSL trying to encrypt and decrypt some messages. From my simple experiments rise the following…
Matteo Monti
  • 1,477
  • 2
  • 14
  • 19
44
votes
5 answers

What is the SSL private key file format?

I was researching about how to encrypt with RSA. I understood everything but not the format of the private keys. In the phpseclib (RSA in PHP), you can import your private key (private.key format) and in the key file there is text like…
tor
  • 563
  • 1
  • 6
  • 10
44
votes
1 answer

Can I remove newlines in a public key?

Can I remove new lines from the RSA public key file to get a one line string? So the question is if the key looks like this AAA BBB CCC or AAA\n\rBBB\n\rCCC\n\r is this the same as AAABBBCCC
xpepermint
  • 543
  • 1
  • 4
  • 5
43
votes
3 answers

Is AES-256 a post-quantum secure cipher or not?

We know Grover's algorithm speedup brute-force attacks two times faster in block ciphers (e.g brute-forcing 128-bit keys take $2^{64}$ operations, not $2^{128}$). That explains why we are using 256-bit keys to encrypt top secrets. But latest…
AES256
  • 447
  • 1
  • 4
  • 4
43
votes
4 answers

Basic explanation of Elliptic Curve Cryptography?

I have been studying Elliptic Curve Cryptography as part of a course based on the book Cryptography and Network Security. The text for provides an excellent theoretical definition of the algorithm but I'm having a hard time understanding all of the…
user5507
  • 1,933
  • 5
  • 21
  • 29
43
votes
3 answers

Why does nobody use (or break) the Camellia Cipher?

If Camellia is of equivalent security and speed to AES, concerns arise. First of all, assuming the above, why is Camellia so rarely used in practice? Why aren't there any breaks in Camellia? Does that mean that Camellia is currently more secure than…
Chris Smith
  • 1,202
  • 1
  • 11
  • 18
43
votes
5 answers

What is the difference between CSPRNG and PRNG?

What is the difference between CSPRNG and PRNG? Is there performance differential between them? For example: We use PRNG for key generation which is very expensive and CSPRNG for IV/nonce in block ciphers which is fast? What is the difference…
randomness
  • 443
  • 1
  • 4
  • 4
43
votes
4 answers

Best way to reduce chance of hash collisions: Multiple hashes, or larger hash?

I would like to maintain a list of unique data blocks (up to 1MiB in size), using the SHA-256 hash of the block as the key in the index. Obviously there is a chance of hash collisions, so what is the best way of reducing that risk? If I also…
Theodor Kleynhans
  • 555
  • 1
  • 5
  • 6
42
votes
12 answers

Is it possible to create a "digital seal" to tell if a document has been opened?

So, in real life we have a handful of ways to leave a physical mark on a packet to know if it has been opened without authorization (eg. you can use 'opened' security tapes, or you can put a signature or stamp right through the envelop opening). One…
Jaime Silva
  • 521
  • 1
  • 4
  • 3
42
votes
6 answers

Is Convergent Encryption really secure?

Recently a company called Bitcasa demonstrated a product of cloud storage. they indicated that they would use "Convergent Encryption" to secure your data and de-duplicate, essentially one copy of the same file between users. From what I can read on…
Justin King
  • 523
  • 1
  • 5
  • 5
1 2 3
99 100