Latest Crypto related questions

Problem:

I'm slightly worried about counter repeats in CTR mode when using random IV.

• If you split it (like half IV, half counter), it increases chances of same IV (it is smaller) and limits message length (if less than half).
• If you start with full block IV, counters may overlap.

I would like to somehow get full block IV and half block counter without overlaps.

Proposed solution:

Instead of using rand ...

From the description of CMAC and HMAC, given the key and the tag, I think it is easy to derive the CMAC message than the HMAC message.

After obtaining the key and tag for CMAC, an intruder can apply repeated decryption to get the blocks of the message until it represents a valid English text (assuming common case). For HMAC, it is difficult due to the brute force required to reverse the hash functi ...

If the data I want to authenticate consists of multiple values and I compute a MAC simply concatenating the values, an adversary can "shift" characters within those values without invalidating the MAC. How is this issue commonly and best addressed?

I have found this existing question about MACing multiple messages, but I feel the proposed solutions do not generalize well for more than two messages.

Schnorr comes again. Will he really break RSA this time? But he still didn't give any concrete examples that can enable us to quickly verify his claim.

I am using a linear feedback shift register (LFSR) in a scrambler configuration as a randomness extractor for a weakly random source. This source is semi-random (aka. Santha-Vazirani source): the bits are correlated and biased (with a min-entropy of ~0.5 per bit). Here is an example of a LFSR in a scrambler configuration (this one is 12-bit while I am using a 32-bit register) with a downsampler:

With the risen popularity of Zero-Knowledge Proofs of Knowledge (ZKPoKs) such as Pinocchio, Groth16 and Sonic, to name some ZKPoKs that are popularly known as zk-SNARKs, I got engaged to understand what is going on behind the hood on these protocols.

The only problem that I encountered is that I do not clearly understand which is the relation ZKPoKs and the underlying scheme on zk-SNAKRKs: Arithmeti ...

I was going through a cryptography course, and I found a question there that: What is the size of the key space of the substitution cipher with 26 letters?

Its answer was 26!

I am not sure what this question means, what does it actually mean by key space with 26 letters, does it mean that our cipher text is having 26 letters or what?

If the SHA256 algorithm is public, why can't attackers use it to create more collisions rendering the algorithm useless?

Given powerful GPU and PC hardware, is it realistic to recover a password in a few hours given a cleartext's MD5? Max chars are 95, and the maximum length of the password is 15 characters.

I need a cryptographic hash function that will hopefully be strong even in 50 years. Performance is not an issue. Calculating and verifying can take a huge amount of time if needed. The size of the hash can be huge too (let's say up to 10MB). Collisions are not a big threat. I mainly want it to be second-preimage-resistant.

Of course I have no problem using one or more existing hashes.

My first thou ...

As we know, ECC using $C_2 = r \cdot G, C_1 = M + r \cdot G$; and decrypt with $M=C_1 - K \cdot C_2$. And sign using point $X$: $X = k \cdot G(x_0,y_0)$. $r = x_0 \cdot K; s = 1 / k \cdot (M + r \cdot d) \mod(n)$; here $d$ is private key, $K$ is public key. and then verify by is true of $r \cdot G == M \cdot G / s + x \cdot K/s$.

Here is my question: can I encrypt using private key (or sign) and  ...

You are given $d\bmod(p-1)$ , $d\bmod(q-1)$ , $\operatorname{invert}(p,q)$ and $p\bmod2^{200}$, the public exponent is $e=65537$.

$\operatorname{invert}(p,q)$ is the answer of $ p*x \equiv 1 (mod\quad q)$

$d$ is the private exponent, the modulus is unknown.

Is there some way to calculate $p$, $q$?

Under which conditions is a large semiprime possible to factor? In particular, is the following 400-digit semiprime actually trivial to factor into primes?

696215515485996326021110048235735766690009451301351348835285866779919978749534047616756663953057484837589572279229199620387332365027451213812840336094363413425937698650137596745220838033701291986988538040607177223279557596320255840289358931328 ...

Being new to cryptology, I'm trying to understand how I would complete RSA encryption by hand. I can only follow the formula so far before becoming very confused.

I want to encrypt the value "123"

First, I am to select 2 primes. I choose: $$p = 101\\ q = 103$$

Next, I compute: $$n = p\cdot q = 10403$$.

After that, I compute: $$\varphi(n) = (p-1)\cdot(q-1) = 10200$$

Now, I want to choose a public expo ...

I am looking to try and decrypt some files from a phone that I no longer have. I've tried to provide some background information here for context purposes.

The files in question were backed up from an Android phone running Android One (technically they are from an SD card (which I still have, but formatted) which was used as internal storage) before it was sent for repair (and was subsequently s ...