Latest Crypto related questions

Score: 0
Ruthie avatar
Is it possible to create an algorithm for identification and key exchange using the Diffie-Hellman algorithm with exactly three messages?

Suppose I want to create a new protocol for communication between two sides. I want to use the Diffie-Hellman protocol for exchanging keys and also want to do a few more steps later so that the sides can communicate with each other. I want this protocol to contain exactly 3 messages. Is it possible?

Score: 3
Steven Yang avatar
What does j9T mean in yescrypt (from /etc/shadow)?

For example I have a shadow string

$y$j9T$PaFEMV0mbpeadmHDv0Lp31$G/LliR3MqgdjEBcFC1E.s/3vlRofsZ0Wn5JyZHXAol5

There are 4 parts

  • id : y (yescrypt)
  • param : j9T
  • salt : PaFEMV0mbpeadmHDv0Lp31
  • hash : G/LliR3MqgdjEBcFC1E.s/3vlRofsZ0Wn5JyZHXAol5

What does j9T in the param field mean? Are there other options in this field?

Score: 1
Andy avatar
Can other modes be applied in OpenPGP (not using CFB mode)?

According to https://www.rfc-editor.org/rfc/rfc4880.html#section-13.9, OpenPGP only mentions CFB mode.

According to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3729.pdf (sections 2.1 and 3.10), AES GCM mode is also approved for use.

I am going to implement an application following RFC 4880. My question is: why RFC 48 ...

Score: 2
Encryption with AES128 (ECB) and Key validation

In my new challenge-project my server once upon a time is broadcasting an "onion" made of three layers encrypted with AES128 (ECB) - 16 bytes long over WiFi.

I am using a WiFi Beacon Frame, to transfer the Onion over the air.

The "Onion" looks more or less like the picture below


Each layer is encrypted with a different key. The keys to each layer are known only to the server and devices which are to  ...

Score: 0
Martin avatar
AES Key vs RSA Key

I am completely new to cryptography and recently tried to understand it a bit more thoroughly. My question is: how does the generation of keys differ in the case of AES and RSA? I understood that the public and private key of RSA can be derived straightforwardly with some modulo-magic.

What I did understand (at least I hope) is the following:

The key-pair (private and public) is tightly connected to  ...

Score: 0
TLS sanity check

I know there are some tools to check if a certificate is according to the standards like zlint or if the certificate has been logged. But are there tools that work on the rest of the connection like handshake? Normally it is up to the application or library to check for correct values but consider you have some packet dump and maybe the SSL keylog file. Is there some way to use some other application t ...

Score: 0
Is it possible to generate ECDSA signature without nonce?

I am a newbie to cryptography and my college has given me this ECDSA. I know that you have to divide the result of h(m)+r.priv in order to generate a signature. But is it possible to generate a signature without the nonce or 'K' when I have the private key (priv), a selected r and a hash of the message?

Score: 1
stacksonstacksonstackoverflow avatar
Why do we use asymmetric key cryptography to then just generate a symmetric key to use?

I'm learning about public key cryptography (asymmetric key cryptography), but from what I've gathered, we basically use public key crypto to just move directly onto private key cryptography (symmetric key cryptography).

Why not just always use asymmetric? (Note: I'm a software developer but not a cryptography expert. I'm just learning and find it fascinating. Thank you)

Score: 1
Paul Uszak avatar
Where should MAC keys come from in a one time pad situation?

I refer to questions For a one-time pad, which MAC method is information-theoretically secure?, Seeking clarification of OTP & MAC discussion and this page illustrating various MACi. And the question context is authentication of true one time pads.

The MAC requires one or two secret keys depending on the algorithm. Where should these keys come from in an OTP environment? Should they come direct ...

Score: 0
Is it safe to re-use a key with Fernet?

Fernet is a supposedly idiot-proof, AES-based symmetric encryption scheme that was (again, supposedly) carefully designed to avoid any pitfalls that might compromise security.

I want to use the same key to encrypt multiple files, including modified versions of the same file.

I'm aware that many encryption schemes, especially home-brewed ones, become vulnerable to cryptanalysis when keys are re-used (si ...

Score: 0
Evan Su avatar
XChaCha20 With a Zeroed Nonce?

We know that for ChaCha20 and XChaCha20, the same key can never be used with the same nonce. But let's say I use a random 256-bit key every time... Then the nonce can be whatever because the key is always different. Let's say I set the nonce to be all zeros. As long as the 256-bit key is random, then this setup should be secure since 256 bits is large enough to not be brute-forced or be reused.

No ...

Score: 1
Blanco avatar
The existence of OWFs vs $\mathbf{EXP} \neq \mathbf{BPP}$

In CRYPTO 2021, Liu and Pass published a paper with the title "On the Possibility of Basing Cryptography on $\mathbf{EXP} \neq \mathbf{BPP}$".

One of the main results of this work can be interpreted as an indication that the existence of OWFs is equivalent to $\mathbf{EXP} \neq \mathbf{BPP}$. $\mathbf{EXP} \neq \mathbf{BPP}$ is a weak assumption, what is the relation between this assumption and the av ...

Score: 0
Freddy Maldonado Pereyra avatar
Avoid MITM Attack in ECDH Without HTTPS or a Third Party Certificate Authority

My context: I have an ECDH protocol, and my main concern is a MITM attack. It doesn't matter if you do HMAC or anything else in future to sign requests if your key exchange is compromised.

Far from HTTPS and a third party certificate authority, is it possible to protect this channel from MITM attacks, taking into account (supposing HTTPS is not safe, and we don't have a certificate authority)?

What I have in  ...

Score: 0
phantomcraft avatar
Is multiple encryption with XTS mode susceptible to Meet-in-the-middle attacks?

Let's suppose I encrypt something with AES-256 in XTS mode two times (there will be four keys, 2 for each encryption operation), wanting to achieve 512 bits of security.

Will this scheme be susceptible to Meet-in-the-middle attacks?

I'm asking this because there are more operations on XTS mode than only directly encrypting the plaintext.
