# Questions tagged as ['aes']

AES (Advanced Encryption Standard) is a symmetric block-cipher algorithm with a 128-bit block size and key sizes of 128, 192 or 256 bits.
Score: 1
Can attacker steal data from AES encrypted table without knowing the key?

I can think of a situation in which an attacker can steal data from an AES-encrypted table without knowing the key. I tried to search on the internet but found nothing about this (maybe I was not using the correct keyword); I would really appreciate it if anyone could shed some light on it.

Assuming that the table is encrypted with the same key but different IVs:

1. Attacker signs up for a new account in an application normally.
2. Application ...
Score: 1
Where to store salt for PBKDF2 and initialization vector for AES via WebCrypto

I would like to build secure notes via javascript and webcrypto.

I have found the possibilities to generate strong key via `PBKDF2` and encrypt data via `AES`.

Here is a sample how to generate key via PBKDF2 in webcrypto, where is required salt:

```javascript
function getKey(keyMaterial, salt) {
  return window.crypto.subtle.deriveKey(
    {
      "name": "PBKDF2",
      salt: salt,
      "iterations": 10 ...
```
Score: 1
Is it okay to avoid a plaintext IV in AES?

### The scenario

Using AES 256 with CBC mode. (Authentication is done separately. Ignored here.)

### The goal (explained more later)

To avoid sending an unencrypted IV.

But since this is being done using .NET whose function forces us to use an IV, we can't just prepend 16 random bytes and then toss away the first 16 bytes after decryption.

### The plan

Prepend 16 random bytes ("IV1"), and besides that use 16 b ...

Score: -1
How expensive is it to migrate from AES-128 to AES-256

How feasible would it be to migrate from AES-128 to AES-256?

Score: 1
In AES-256, what exactly forms the extension field $GF(2^8)$?

My question is a little difficult to describe, so let me first start with an analogy.

In an elliptic curve over a finite field, there are 2 groups: the first group is the finite field over which the elliptic curve is defined. The 2nd group is the group formed by all the points of the elliptic curve. These are the 2 different groups.

My actual question:

In AES256 we use a polynomial to represen ...

Score: 1
Do I need to change IV in AES-256 GCM when I only use encryption for challenge-response exchange with random string?

When I want to use encryption only for a challenge-response exchange and not for hiding the contents of an encrypted message, is it still a threat to me if I don't change the IV for each new encryption?

For an easier understanding of why I ask this, here is my situation:

I'm using two Arduinos with LoRa transceivers to communicate with each other. One is a bridge connected to the internet and the other is connected to servos ...

Score: 0
how to break AES

Why is breaking an (asymmetric) 1024-bit RSA key less difficult than breaking a 128-bit (symmetric) AES key? Breaking an RSA key involves finding the prime factors of a large number. What is involved in breaking an AES key?

Score: 1
Why can't we have AES512 or more?

Look, I know AES-256 is ridiculously secure, but to keep AES secure even after quantum computers, I have a concern.
Using Grover's theorem, AES can be reduced from 256 to 128 bits for a brute-force attack, which is also pretty strong, but I don't want to be limited to it.
Is it (at least in theory) possible to implement AES-512, AES-1024, etc.?
I mean, what's stopping us? Like, for 128-bit AES we use 10 rounds of ...

Score: 3
Why are confusion and diffusion never talked about in asymmetric crypto?

While talking about symmetric encryption schemes like AES, we always have the goal of achieving confusion and diffusion. But when it comes to asymmetric encryption schemes like RSA, DH, etc., we never talk about diffusion and confusion.

Is it known that modular arithmetic and prime arithmetic ensure confusion and diffusion?

Is there any literature that dives into the information theoretic analysis, in te ...

Score: 0
How does AES-256 work if AES is only a 128-bit block cipher?

I'm currently studying AES encryption and I'm quite confused about how we use a 256-bit key in AES.

Because, in my understanding, no matter what the key size is, AES still operates on and encrypts only a 128-bit block of message through the whole cycle of rounds until it reaches the end.

Well, for AES-128 we use a 128-bit key, that is a total of 16 byte chars, which can be represented by a 4x4 matrix, and most  ...

Score: 1
AES-CBC Hash Function Collision Resistance

I am using AES-CBC as a hash function, encrypting a message of n blocks, m = (m1, m2, ..., mn). The IV is one block long and the encryption key is 128, 192 or 256 bits long.

Will I get collisions? And if so, how could I find examples?

I expect to find collisions every 2^(n/2) hashes but I don't imagine this would allow me to find any matches in the next 10000000 years.

Score: 2
What is the main problem with zero padding for AES key?

I am trying to understand the logic behind some basic principles of AES key padding. Why do we use different kinds of AES key padding schemes instead of the simplest zero-padding? Take AES-128 for example: if my key is "cipherkey", how does the padding work, and what is the problem with it?

Sorry if the question is too elementary, but I fail to find a good explanation of it.

Score: 0
What is the need of substitution and permutation networks in AES?

I have tried to answer this question for quite some time now. But a complete intuitive understanding still eludes me.

Consider an alternate construction for a block cipher without any substitution and permutation network. This block cipher just XORs the message blocks with different keys which are derived from a master key (similar to ECB mode but with different keys for each message block). If t ...

Score: 0
recover plain text from cipher text in AES-128 ECB mode

I have a scenario where I do not have the key but I have plaintext 1, ciphertext 1, and ciphertext 2. Ciphertext 2 is built using the same key that was used to build ciphertext 1. Is there somehow a way to decrypt ciphertext 2 to get plaintext 2?

Score: 3
Is it safe to use AES-CCM only for authentication - i.e. for sending AAD without encrypted data?

We are employing an AES-CCM 128-bit stream-cipher with 7-Byte Nonces and 12-Byte Authentication Tags in a communication protocol. Up until this point there was no need to use Additional Authenticated Data (AAD) in this protocol, as all transmitted data - apart from the Nonce - was encrypted.

In the meantime, some new networking-related requirements came up which may require one message-field to b ...

Score: 3
Encrypt/Cipher and Decrypt/Decipher a string with a secret

In developing an app I have a simple use case where I want to encrypt/cipher a string (it could also be a couple of bytes because it's essentially just an IP address). For the output I think it would be best to have a hex string (thinking of the old md5 hashes). No one who doesn't have the private key should be able to decrypt/decipher the IP address.

The flow is as follows: I have a string (IP-Ad ...

Score: 1
Two-way encryption algorithms similar to bcrypt

I'm in need of an algorithm that can perform a very specific task: take a short string, encrypt it using an algorithm which can be scaled to keep up with Moore's Law/has a proof-of-work factor/is unusually slow, and then, later, decrypt it at the same time cost.

The use case is a list of email addresses being stored for a mailing list by a security-conscious client, to be decrypted one at a time  ...

Score: 2
How can we link AES with Elliptic Curve Diffie-Hellman Key Exchange Method

Actually, I am working on a project to combine symmetric and asymmetric cryptographic algorithms.

The shared secret key for AES will be generated through the Elliptic Curve Diffie-Hellman Key Exchange (ECDH) method. I have one question: ECDH will generate a shared secret key of 256 bits or longer. For AES-128 I need a secret key of 128 bits, but ECDH is not generating a 128-bit key.

So h ...

Score: 1
RSA encrypt an AES key. What about the AES IV?

I need to securely pass an AES key to a remote client. What I did so far is to generate a random AES key and encrypt it using the RSA public key of the client (PKCS#1 v1.5 padding is taken care of by the RSA library I'm using, CryptJS).

I didn't realize that AES requires not only the key but also an IV. I don't know what the correct way of dealing with the IV is. Should I encrypt it as well and basically send ...

Score: 1
Block cipher design criteria when specifying key size

For a given block size of N bits, the total number of possible permutations is (2^N)!. In order to select any one of the possible permutations, the key would have to be of length log2((2^N)!), which is typically much larger than N. Given that AES has a 128-bit block and can have a key length of 256 bits, the AES block cipher is only using a small subset of all possible block permutations.

My ...

Score: 1
Can you decode AES by hand if you have the key?

I made a JavaScript AES encryption program and I do have the key to what I encrypted. Is there a way to use that key and figure out what was encrypted without the help of a program? I encrypted "Hello" with the key 2892 and got EQ/9Yt/IvIAmtF0wKYbb3+XYUOKuKlxJ. Is there a way to apply the key to the characters and fully decode what it says without making a program to do it for me? This is just so I can prac ...

Score: 0
How can a concatenation of $N$ block-ciphers with known keys be more secure?

General problem / Intro: encrypting the (computable) relation between two random numbers which are members of an as-small-as-possible set, while anything except the order of execution is known to the adversary.
This question is about solving that problem with a concatenation of block-ciphers.

Simplification:

- we only consider block-ciphers which are similar to AES
- instead of $N$ different block-ci ...
Score: 0
How to choose between AES256-GCM, XSalsa20Poly1305 and XChaCha20Poly1305?

In libsodium, there are 3 symmetric encryption (stream cipher) constructions, which are AES256-GCM (hardware-accelerated), XSalsa20Poly1305 and XChaCha20Poly1305 (uncertain which version of libsodium added support for XChaCha20Poly1305).

Considering that AES256-GCM will be a primary choice if the hardware supports it, as it's an industry standard which is commonly seen in file storage or any other applicable platform.

AES256-GCM ...

Score: 1
Can a block-cipher be considered secure if a bit change in the input leads to a 50% chance of change for every single output bit? -> round number?

Block-ciphers use self-inverse ($f(f(x)) = x$) operations which are then applied to the plaintext and most likely contain some constants which can be based on a key. To get security, such operations, which interpret the input in different ways, are aligned with each other. This process gets repeated for multiple rounds with different keys. In the optimal case a random input lies inside a closed cycle (if b ...

Score: 1
Key rotation and versioning for encryption at rest

I'm working with a dev team who are implementing encryption at rest at the application level. It's for particularly sensitive fields inside an RDB. (The underlying DB storage has an additional layer of encryption, but that's off topic here.) We're using Spring's AesBytesEncryptor and related classes for that.

We have not fully solved key rotation yet, and I'm investigating how to do that in a secure ...

Score: 1
Generate unique random values for unique input values

I'm going to generate unique random values based on a range of unique input values.

In other words, I have a range of input values; these numbers are part of a series (like a range of serial numbers increasing one by one) and there are no duplicate values among them. I want to generate a random value for each of the input values, and there should not be any duplicate values in the output  ...

Score: 1
What is aes in "operational mode"

I'm currently reading this report on the security of the IoT protocol "LoRaWAN".

On page 3, it says the following:

```
LoRaWAN relies on AES cryptography algorithms combined with operational mode
```

Is this an actual mode of operation for AES, in the same way that CBC or ECB is?

Or is it perhaps that the term "operational mode" is often used to describe a certain mode of operation?

Score: 0
Using AES.MODE_EAX for AES Encryption

I am currently attempting to perform AES encryption in Python on a larger size file for simulation purposes. At the moment, I have been trying to use AES.MODE_EAX, as mentioned in the documentation for AES: