Latest Crypto related questions

Here is a possible way to perform iterative cryptographic hashing twice as fast as in the ordinary way.

Given a compression function $f: \{0,1\}^{a+b} \rightarrow \{0,1\}^b$. Assume the message is of length $4a$ bits after padding. Normally the four message blocks are injected one after another into a data block $x_i \in \{0,1\}^b$:

$$ m = m_0 \| m_1 \| m_2 \| m_3; \; |m_i| = a $$ $$ x_{i+1} = f( ...

This is a question sparked purely by curiosity, wanting to understand a little more about cryptography and authentication. Thanks in advance to anybody taking their time to answer.

Instead of salting and hashing a password, sending it to the server to authenticate yourself, could something like this work? A client generates a private/public key pair from a password and random salt. The public key ...

In Curve25519 we typically have this generator point or base point:

Gx = 9
Gy = 14781619447589544791020593568409986887264606134616475288964881837755586237401
or:
Gy' = p - Gy 
   = 43114425171068552920764898935933967039370386198203806730763910166200978582548

Where p = 2^255-19, the dimension of the prime field Fp in which we evaluate the curve.

What is the order of this generator point?

i.e. what  ...

Consider the following protocol from the book "Network Security: Private Communication in a Public World" by Kaufman et al.

Alice knows a password. Bob, a server that will authenticate Alice, stores a hash of Alice’s password. Alice types her password (say fiddlesticks) to her workstation. The following exchange takes place:

This protocol appears to be secure against both eavesdropping (exchangi ...

I am using a system that relies on base64 encoded ECDSA public keys. I have managed to brute-force a public key that when encoded starts with a word I like. Is it possible for me, given the private key, generate similar public keys?

I am trying to learn attack on hash collision. I guess for this scheme, it might be possible to use messages with different lengths to find a pair of same ciphertexts. An attempt is to use the same first block, and let M1 = M[1] and M2 = M[1]M[2]. Then, it might be possible to find a collision because the first one outputs C[1] and the second one outputs the C[2], but I am a little confused about ho ...

Consider a formulation of LWE where we are given either $(x,S x+e)$ or $(x,u)$ --- where $S$ is an $m \times n$ secret/hidden matrix, $x$ is a randomly sampled $n \times 1$ vector, $e$ is an $m \times 1$ Gaussian error vector, and $u$ is a uniformly random sample --- and told to distinguish between these two cases. This should be hard for classical algorithms, according to the post here. Call this problem ...

how to encrypt using play fair if "i , j" both are in the plaintext? for example Beijing.

In NIST SP 800-90C, it said:"Small deviations in the behavior of the entropy source in an NRBG will be masked by the DRBG output" Why the DRBG can mask the small deviations in the behavior of the entropy source?

Can anyone give the mathematical or reference?

I have taken this implementation of RC4 written in C.

I have 40-bit key and 32-bit IV (both in hex).

So, questions is about KSA step:

1. How should I transform hex key value into the char array? Just convert it to long?

2. Where should I introduce IV? (Some write to concat it with the key, others write that S is already IV)

3. If S is already IV, how should I transform my 32-bit IV into 40-bit array? The ...

Can we make EC ElGamal have multiplicative homomorphic property?