# Questions tagged as ['keys']

Can someone throw light on the differences between tokens and secret keys? I understand that "tokens" are crypto artefacts "introduced" into a system by an external party in order to authenticate whereas keys can be either generated on the device (e.g., a key pair in case of asymmetric cryptography & corresponding public key can be used externally to authenticate) or a secret symmetric key can be ...

I understand that PRNG are Random Number Generators that use a deterministic algorithm based off of a seed.

I also understand that CSRNG are PRNG that are cryptographically safe to use for generating random numbers.

And by cryptographically safe, I believe this means that even if an attacker knows the deterministic algorithm and the seed, they would not be able to predict the next random number. ...

It seems there are keys everywhere in cryptography. From things like HMAC to encryption (both asymmetric and symmetric).

The bit I do not totally understand now is how are cryptographic keys generated? I know they have to be random, but is that all the properties required?

Does the method of generation also differ depending on the use case? For example does the generation method differ for keys used i ...

In the cryptography course, the professor said that:

these days for symmetric key encryption, instead of sending out the key, Alice sends the seed to Bob, and then based on that Bob can get the key.

I didn't actually understand the role of the seed, besides, if Bob can generate the key based on the seed so Eve can do the same, right?

I have a question. If I have 2 ciphertexts given and the same key has been used on both. The key length is the same as the plaintext and ciphertext length. How do I decrypt them and find the key. So far I know that c1 + c2 = p1 + p2.

Is it possible to decompose the public key into its own subgroups?
Suppose we know the order `P` with which the public key was generated `(Qx, Qy)`. How can the public key `(Qx, Qy)` be decomposed into subgroups of small orders?

I saw in SageMath it is possible to work with `Elliptic Curves`

```
# coefficients [a4, a6] = [0, 7], i.e. y^2 = x^3 + 7 over GF(p)
M = EllipticCurve(GF(p), [0, 7])
```

I am just getting familiar with `SageMath` and am having a hard time working on creating a ...

I am trying to write a `SageMath` script that multiplies two coordinates on Elliptic Curves into one common coordinate.

SageMath Elliptic curves over finite fields documentation

```
p = Number
M1 = EllipticCurve (GF (p), [0,7])
C1 = M1 ([x1, y1])
C2 = M1 ([x2, y2])
C3 = C1 * C2
```

Somewhere they wrote that using sets of the `SageMath` function it is possible to do this. *How to do it?*

For a given block size of N bits, the total number of possible permutations is (2^N)! In order to select from any one of the possible permutations, the key would have to be of length log2((2^N)!) which is typically much larger than N. Given that AES has a 128 bit block and can have a key length of 256 bits, the AES block cipher is only using a small sub-set of all possible block permutations.

My ...

First, I'm using the settings of https://en.wikipedia.org/wiki/NTRUEncrypt, with $L_f$ set of polynomials with $d_f+1$ coefficients equal to 1, $d_f$ equal to $-1$ and the remaining $N-2d_f-1$ equal to 0; and $L_g$ the set of polynomials with $d_g$ coefficients equal to 1, $d_g$ equal to $-1$ and the remaining $N-2d_g$ equal to 0. The natural numbers $d_f$ and $d_g$ are just fixed parameters of the sche ...

What exactly are keystores?

I understand they are used to store things like private keys, certificates etc. But how exactly is that done? Is it just an encrypted database where you put all these things? Or is it a single file that keeps all these things? Or is it in more abstract terms just a specification (which maybe includes how the file and storage is to be constructed?)

I am trying to understand the Key Scheduler used in RC6 and I have a total of 3 questions. The RC6 Wikipedia page says that the only difference between the RC5 and RC6 key scheduler is that more words are produced from the key in RC6. In my application, I am using w=32bits, r=20rounds and b=16bytes.

My first question is are these two separate for loops or is the second for loop that iterates ...

I want to use the same seed phrase for several cryptocoins (Bitcoin, Ethereum, Nano, etc.). I understand that each protocol has its own phrase length and possibly a different way of generating the private/public keys from the phrase.

I also understand that if one wallet is compromised, and the phrase is stolen, it can be used to access funds on any protocol.

But besides that, from a mathematical/cry ...

I was reading a question about symmetric keys here and found the answer quite interesting. It mentions:

Be sure to pass in the raw bytes, and not, e.g., a hex-encoded string

Can someone elaborate on why this is bad? And also, in the context of password hashing, is converting a salt to hex before sending it through the HMAC bad, and if so, why?

This is very basic, but what I'm wondering is: I have a few notations of hashing/RSA encryption that I'm unsure of when reading.

PKE(PW, K) With PW representing a password, K representing a 128-bit string and PKE representing RSA, how would this be interpreted? Do I combine the string and password then encrypt that or something else?

Same goes for this, ssk = H(K,NB,NA), where ssk is a secret shared ...

There are 2 examples:

*A block cipher with 128 bits of block size taking a plaintext and a 128 bits key (AES-128).*

*A keyed hash function with 1024 bits of block size in its output, taking a message and a 1024 bits key (Skein-1024).*

If I have a block or message M to process with a PRF and the key size is the same as the output block, what are the chances of 2 or more keys among 2^N keys of keyspace generate the ...

If someone found a scrambled BIP-39 24 word sequence, how hard would it be to determine the correct sequence that yields someone's wallet?

Are there multiple different unique sequences of the same 24 words that will determine different bitcoin wallets?

How many?

Thanks

Assume an arbitrary secret physical image¹, such as a privately made chemical Polaroid™ similar to this

Is there a feasible and secure way that this physical image could be used as cryptographic key, functionally equivalent to an AES key or RSA private key, without "accompanying² other digital data" beyond the physical image? We'll assume a scanner digitizes the physical image at each use, and all t ...

I'm new to the Cryptography Stack Exchange, so my question might be very naive.

What encryption algorithms are out there that will allow different decryption keys to decrypt the same piece of encrypted data?

For example : If the data that I'm encrypting is just a simple string : `"Test"`

Then applying the encryption algorithm changes it to this : `"532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F ...`

I have been told to design my own algorithm as a college assignment. What I could have come up with was a random cipher. For example:

Suppose my plaintext is: `AND`

So I'll take an array the size of my plaintext and keep on storing random values between 0 to 9.

I will use random values and my array becomes `{3,5,1}`

My encrypted text becomes `DSE`

I have used a random function for generating random valu ...

My transport channel is sufficiently tiny that I don't want to give up 16 bytes for an IV (AES block size). My environment is also resource constrained such that I have no RNG.

I have read over and over about why fixed K and IV are bad, yet the most common 'warning' is that same plaintexts are revealed by same ciphertexts.

My plaintexts will be between 16 and ~300 bytes and will always be unique, ev ...

I'm implementing IDEA encryption and decryption and I'm trying to implement it in different variants (e.g., if we didn't do the output transformation or if we don't do full 8-round encryption).

I got the encryption and decryption right for all variants when there is an output transformation, but I'm having trouble in decryption when there is no output transformation.

I know that decryption in IDEA is b ...

I am looking for suitable techniques through which secret keys can be expired after a certain time limit. Is there any such method in cryptography?

We have seven different keys derived from DH key and nonces via PRF in IKEv2 as skd, skai, skar, skei, sker, skpi, skpr. Why are different keys generated for initiator and responder for encryption? What is the explicit usage of different keys derived from SKEYSEED in IKE?

For example, ska and skp are defined as "a key to the integrity protection algorithm for authenticating the component messages ...

$\forall k \in \{0,1\}^n,m \in \mathbb{M},F_k(m)$ is defined as follows: $F_k(m) = F'_k(m) \oplus k$. It is known that $F'_k$ is a PRF. Note: is the message space and it's assumed that the key $k$ is generated by some Gen algorithm in a random manner.

Must $F_k(m)$ be a PRF too?

I have an intuition that the answer is yes as it does not feel like changing the distribution of the output, but any kind ...

I have encrypted data in `AES-GCM` with the `crypto` API. The `initialisation vector` is then added to the data, forming a unique encrypted string stored in local-storage. Finally, the secret key is stored in IndexedDB.

Since the secret key is non-extractable I thought it was secure enough for most use-cases. To my understanding, an attacker would have to rob both the local storage and the indexed db, fi ...

If a company uses Domain Keys Identified Mail ("sender adds a special signature which includes author name / date signed by RSA Private Key. Receiver verifies the signature by looking up the public key of the sender and ensures that the email's sender name and the date in the regular email header matches the signed name and date in the signature tag") and has an online database with employees public key ...

First I just want to apologize for my lack of knowledge in this system.

The professor kind of gave us an exercise to solve before even going through the lessons. I tried to look at videos online but I only know how to use a 64 bit initial key.

initial 56-bit hexadecimal key: 'B092EBA02E3798' Give the key K16 (on the last turn) to 64 bits in hexadecimal.

So my question is, do I have to turn my 56 b ...

I realise that s boxes are able to make the transformations done in AES non-linear. However I am unsure how this makes AES secure. For instance if we had no s box then it is possible to calculate the key from a set of linear equations:

$C^1=Ax+k$

$C^2=AC^1+k$

...

$y=AC^n+k$

Where A is the linear transformation, k is the key, C as the intermediate ciphertexts, n as the number of rounds of encryption, ...

I am attempting to manually encrypt a plaintext message (message = MI) using RSA.

I receive an answer of: 33,264 and 21,164.

When I enter the same plaintext into CrypTool to confirm that my calculations were correct, I receive a different answer:

What am I doing incorrectly? How can I obtain the same result as CrypTool?

I am trying to figure out how to complete RSA manually. I am trying to encode a simple block message (Mi). I used CrypTool to determine the encryption. When I "manually" computed the plaintext, I obtained a different number than what CrypTool provided. Can someone guide me? Am I doing the manual encryption for RSA correctly?