Latest Crypto-related questions

Score: 0
How to use Argon2 with salt from binary file?

In the Linux program Argon2, we need to supply the salt in the command line. This limits the salt to be printable characters. How can we use a binary string as the salt?

# argon2 -h

Usage:  argon2 [-h] salt [-i|-d|-id] [-t iterations] [-m log2(memory in KiB) | -k memory in KiB] [-p parallelism] [-l hash length] [-e|-r] [-v (10|13)]
        Password is read from stdin
Parameters:
        salt            T ...
Score: 0
Is a randomly generated long password more secure than a higher number of rounds in a PBKDF?

Usually the requirements for passwords are that they should be salted and use a high number of rounds.

My understanding is:

  1. Salting a password is only used to prevent rainbow attacks
  2. Using a high number of rounds is only used to prevent brute-forcing short passwords

But if a password is computer generated and only used in an automated way between 2 remote systems, is it safe to salt it, but not hash  ...

Score: 2
Does multiple encryption help?

Suppose some original material (say a text message, text.txt) is encrypted multiple times, (say using ChaCha20) each time with a different key. Suppose the output of this process is a binary (output.bin). Suppose some third party is attempting to crack the file output.bin. Suppose this third party succeeds in cracking the file output.bin.

Since they have now retrieved the result of the second to  ...

Score: 1
Is AES with random bitstring IND-CPA?

Let $E:\{0,1\}^{128}\times\{0,1\}^{128}\to\{0,1\}^{128}$ be the AES encryption and $R\gets\{0,1\}^{128}$ uniform random bitstring. Would $E'(K,P):=R\mathbin\|E(K,P)\mathbin\|E(K,R\oplus P)$ be IND-CPA?

I am not sure about my opinion, but I think this would not be IND-CPA since $E$ is deterministic and $R$ is used twice in $E'$, therefore showing some pattern.

Can someone explain if $E'$ can be IND-C ...

Score: 0
Verifying meeting by sending same signed random number to central authority?

I am trying to develop a simple protocol for two users to verify (with respect to a trusted central authority) that they have (intentionally) met/communicated with each other.

My idea was this: Users own a (public, secret) key pair of any common asymmetric system, such as RSA. Their public key also serves as their identifier. In order for two people to confirm that they have had contact, they wi ...

Score: 0
Can a byte/word inserted as an entry in a Feistel S-box be breakable?

Let's suppose I insert these two 4-byte words (32 bits) in a Feistel S-box with 1024 bytes of size (256*32 bits), (like Blowfish does):

blah bleh

What kind of attacks could possibly be made to discover the words faster than brute-forcing the entire S-box (if they exist)?

Does inserting words/bytes in Feistel S-boxes have a formula or a reverse operation for recovering the words/bytes without discov ...

Score: 2
Addition-Subtraction Chains with cheap or free doubling

Related Problem

Standard Addition-Subtraction Chain (ASC) for an integer $k$ defines the order of addition/subtraction (doubling) operations so that $k$ is finally reached, starting with $1$. This is particularly useful in ECC to calculate $k\cdot P$ via EC point additions/subtractions & doublings. The goal is to find as short ASC as possible, so that minimal number of addition/subtraction/doubling  ...

Score: 0
Asymmetrical scheme: insecurity concerns of saving a hash of a hash of a password

Please verify or explain how to do this properly.

I'm letting a user create keys from the client through a secure server.

I ask the user for a password on the client, then send the hashed password to the server. The server generates fresh keys and encrypts them with the password hash + the generated verification key. The encrypted keys are saved on the server. I return the verification key to the cl ...

Score: 1
Patterson's decoding algorithm for Goppa codes

From this Wiki page: given a Goppa code $\Gamma(g, L)$ and a binary word $v=(v_0,...,v_{n-1})$, its syndrome is defined as $$s(x)=\sum_{i=0}^{n-1}\frac{v_i}{x-L_i} \mod g(x).$$ To do error correction, Patterson's algorithm goes as follows:

  • Calculate $$v(x)=\sqrt{s(x)^{-1}-x}\mod g(x)$$ (this assumes that $s(x)\ne 0$, which is always the case unless $v$ belongs to $\Gamma(g,L)$ and no correction is  ...

Score: 0
Can a modulo function be linearized or alternatively expressed?

In order to try to simplify or alternatively express cryptographic functions I wonder if the modulo function can be alternatively expressed. Could for example a Fourier series of a sawtooth wave or its discretization be useful? What would that look like for a given range and precision?

Score: 0
Difference signature / asymmetric encryption (PQC)

The NIST is currently trying to select new standards for post-quantum cryptography. The two main categories for the candidates are "Public-key Encryption and Key-establishment Algorithms" and "Digital Signature Algorithms".

The signature algorithms are based on public-key encryption algorithms. Thus, why separate these two categories? Is it a matter of implementation, or of performance maybe  ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.