11
votes
1 answer

Why do I need to store the salt for generated hashes?

I am new to crypto and authentication, so I have been doing some reading around this and thought that I had a pretty good understanding of how this works. However, when implementing my hashing using bcrypt.js I am once again confused. I thought that the…
Roaders
  • 213
  • 2
  • 5
11
votes
2 answers

Meaning of the term "Key Material"

I am reading specifications from my client that focuses on the topic of security. In these specs, the term key material has appeared many times. I used Google to look for what the term means. Unfortunately few posts explain what it means. What is…
mac.ma
  • 211
  • 2
  • 4
11
votes
2 answers

In textbook RSA with low public exponent, how big does a random message need to be?

Assume RSA with a public modulus $N$ of $n$ bits, a small odd public exponent $e$, plaintext $M$ a random non-negative integer less than $2^m$ for some integer parameter $m$, with $M\mapsto C=M^e\bmod N$ (textbook RSA) used for encryption. Inasmuch…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
11
votes
1 answer

Correct way to map random number to defined range?

Say that we have a secure random number generator that outputs 32-bit random numbers, so its output is a true random number between 0 and a MAX. What is the best way to map this random number to a defined range (say I want something random between…
AndroidSec
  • 113
  • 1
  • 4
11
votes
1 answer

Minimizing exchanges for ZK proof of a message with given SHA-256

Consider the problem of proving knowledge of a message $m$ which has a certain public SHA-256 hash $h$, without disclosing $m$ or usable information about it, while minimizing the information exchange (across a bidirectional channel assumed to…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
11
votes
5 answers

Suppose I capture encrypted data that I want to decrypt. Could I use a server farm to decrypt?

For argument's sake, let's say that I'm a bad actor who produces malware. I've infected around 10,000 computers and smartphones with my malware, which runs in the background and can be used to make someone else's machine run calculations for…
11
votes
2 answers

Advantages and disadvantages of hash-based signatures

We know hash-based signatures (Winternitz signature, HORS(T) signature) that are quantum-safe and efficient. They can be stateful or stateless, one-time or multiple-time. But why are they not widely used in practice? Or maybe they are, please tell…
Laura
  • 377
  • 2
  • 11
11
votes
1 answer

Most influential/illuminating papers/books/courses on lattice based cryptography?

I'm interested in some sort of "compendium" on lattice-based crypto. There is a bunch of maths behind FALCON and other stuff. A lot of articles are devoted to lattice crypto, but not all of them are of paramount importance. The other problem is that…
Kirill Tsar.
  • 609
  • 4
  • 13
11
votes
3 answers

Accelerating SHA-1

I have a program where computing SHA-1 is the bottleneck. This is using OpenSSL 1.0.0e on a 2.6 GHz 16-core Opteron where I get about 325 MiB/s throughput. (SHA-1 here is via Andy Polyakov's x86-64 assembly implementation using SSSE3.) If I need to…
Fixee
  • 4,258
  • 3
  • 26
  • 39
11
votes
4 answers

Should DES be avoided when developing new systems?

According to Wikipedia… DES is now considered to be insecure for many applications. However, since it can be broken relatively easily, should it not just be avoided for all applications?
Shiraz Bhaiji
  • 635
  • 1
  • 5
  • 9
11
votes
2 answers

Are interactive proofs more secure than their non-interactive counterpart?

Given an interactive ZK proof, if we use Fiat-Shamir to make it a NIZK proof, does the proof become less secure? Are there any new attack vectors that get introduced? Is there any reason to use the interactive version over the non-interactive version?…
WeCanBeFriends
  • 1,383
  • 11
  • 21
11
votes
1 answer

Are DSA and ECDSA provably secure assuming DL security?

Is there proof that the DSA construction, also used by ECDSA, is secure assuming that discrete logarithms in the relevant group representation are difficult?
Myria
  • 2,635
  • 15
  • 26
11
votes
1 answer

Is Curve P-384 equal to secp384r1?

I am a bit confused with the different notations of elliptic curves. Specifically, I am comparing the NIST specification with the SECG specification. More specifically, I want to know if the NIST curve P-384 (NIST D.1.2.4) corresponds to…
grees
  • 411
  • 1
  • 4
  • 11
11
votes
3 answers

Smallest Guaranteed hash collision cycle length

If I take the sha-256 of an empty string, and apply the hash function $2^{256}!$ times, will I end up with the same hash that I started with? Is the smallest required cycle equal to the LCM of $1$ to $2^{256}$?
William
  • 235
  • 1
  • 6
11
votes
2 answers

Measuring entropy for a ciphertext only attack

When brute-forcing a password (e.g. the common attacks on DES), where you have ciphertext only, you need a way to assess whether a decrypted plaintext is the right one. I believe the EFF DES machine does this by checking if the chars are printable. …