Latest Crypto related questions

Score: 0
Pros and cons about padding a cryptogram produced with an "additive" operation mode
r s

These days I found myself thinking about the implications of padding or not padding block cipher modes that act like additive stream ciphers (I mean OFB, CTR, GCM, etc.). Let's call them additive modes.

You know, people hooked on crypto tend to be a little bit paranoid... Well, at some point in my ruminations about the pros and cons of padding when using those additive modes, maybe I found a "con" that le ...

Score: 2
Can you use RSA in “CBC mode”?

Are there any security concerns with using RSA in “CBC mode”?

Specifically: if I use RSA encryption as my block cipher operation, and apply the standard CBC mode operations including a random IV, will the resulting cipher text provide the same level of theoretical security as the underlying RSA problem?

I am only considering RSA on its own. No padding scheme. I know traditionally RSA is insecure ...

Score: 3
In a public-key system using RSA, you intercept the ciphertext c = 15 sent to a user whose public key is e = 5, n = 35. What is the plaintext m?

In a public-key system using RSA, you intercept the ciphertext c = 15 sent to a user whose public key is e = 5, n = 35. What is the plaintext m?

In my calculations m = 15. But I don't think my calculations are correct.

Score: 0
Encrypting a random block with XTS and XORing into the plaintext: Would this encipherment scheme be secure?

I had an idea to make XTS mode parallelizable at CPU level.

Let's suppose I take two AES-256 keys for XTS and encrypt a 512-byte block with this block cipher mode and XOR the output into the plaintext.

Would this encipherment scheme be secure/valid? Would it be safe?

Score: 1
Security of McCallum-Relyea exchange

I recently learned of the McCallum-Relyea exchange which allows for a method of key escrow without actually transmitting the key.

It was developed at RedHat and is used by the tang and clevis utilities (and further described here) to allow for automated decryption, in particular for an encrypted root partition for Linux machines. So a client machine could only boot and decrypt its disk if it is on a  ...

Score: 1
How to solve this S Box?

I have performed the XOR and the result comes out as 1001. Now my confusion is that in the standard S-Box (DES) the input is 6 bits, where the first and last bits together specify the row and the 4 middle bits the column. Even if I append two zeros on the left, making the XOR result 001001, then row 01 does not exist in the problem. If I don't, then row 11, i.e. 3, also does not exist.

The permutation table again consists of 4-bi ...

Score: 0
Do xoshiro/xoroshiro PRNGs provide uniform distribution?

It's not clear from the documentation if the sequence of integers produced by these PRNGs belongs to the uniform distribution.

Also, it looks like there is a whole family of RNG algorithms named in a similar manner. Personally I'm mostly interested in xoshiro256**, but there is no information about distribution uniformity for it either.

Score: 0
CTR HMAC SHA1 vs GCM Key management

The SRTP protocol uses AES in CTR mode with HMAC-SHA1 by default. For my thesis I want to research whether GCM would be a better option. Therefore I read the following discussion.

There the answer was that GCM mode is better among other things because GCM just needs one key for encryption and message authentication and CTR+SHA1 needs two for these things.

But can't I use just one key for CTR+SHA1? Couldn't I reu ...

Score: 0
What percentage of the keyspace should be brute-forced to find an equivalent key if the block cipher has?

I have been reading the Hasty Pudding Cipher specification and the author makes clear that the cipher has some equivalent keys if the keyspace is larger than 8192 bits:

Two keys are equivalent if they expand to the same key-expansion
table.  The likelihood is negligible for keys of size < 1/2 the
key-expansion table size, 8192 bits.  For keys longer than this, some
will be equivalent, but there is no  ...

Score: 0
RSA - is the message a member of the multiplicative group of integers modulo n?

As I understand it, RSA works as follows:

  1. Pick two large primes $p$ and $q$
  2. Compute $n = p \cdot q$
  3. The associated group $\mathbb{Z}^*_n$ consists of all integers in the range $[1, n - 1]$ that are coprime to $n$ and will have $\phi(n) = (p-1)(q-1)$ elements
  4. Select the public exponent $e$, which must be coprime to $\phi(n)$
  5. Compute the private exponent $d$ by solving $ed = k\cdot \phi(n)+1$ with th ...
