# Questions tagged as ['xor']

Let $\mathbb{G}$ be a group of prime order $p$ with generator $g$. Suppose that I randomly pick $r_1,z_1 \leftarrow \mathbb{Z}_p$ and $r_2, z_2 \leftarrow \mathbb{Z}_p$ and $c \leftarrow \mathbb{G}$. Let $\alpha = g^{r_1z_1}g^{c}$ and $\beta = g^{r_2z_2}g^c$. By the semantic security of El-Gamal encryption, both $\alpha$ and $\beta$ are indistinguishable from random numbers ... Suppose that $\alpha$

I read on the page 16 of On the Security of Hash Function Combiners that

the classical combiner for collision-resistance simply concatenates the outputs of both hash functions $Comb_{\mathbin\|}(M) = H_0(M) \mathbin\| H_1(M)$ in order to ensure collision resistance as long as either of H0, H1 obeys the property.

Consider H, a secure internal hash function with 256-bit inputs and 128-bit outputs

...Let F be a PRF defined over $F:\{0, 1\}^n \times \{0, 1\}^n \to Y$.

We say that $F$ is XOR-malleable if $F(k, x \oplus c) = F(k, x) \oplus c$ for all $k, x, c \in \{0, 1\}^n$.

We say that $F$ is key XOR-malleable if $F(k \oplus c, x) = F(k, x) \oplus c$ for all $k, x, c \in \{0, 1\}^n$.

Clearly an XOR-malleable PRF cannot be secure: malleability lets an attacker distinguish the PRF from a random fun ...

I've played around with John The Ripper before and it was able to successfully crack some personal passwords via brute force. However, in those scenarios the "unknown variable" was a password - and the known variable was the encryption method.

In the current scenario, things are a bit different. Now I have a scenario where the 2 input keys are known - and an external tool exists that can convert ...

For any $v$ many $b$-bits vectors $(\mathbf{x}_0, \mathbf{x}_1, \ldots, \mathbf{x}_{v-1}) \in \{\{0, 1\}^b\}^v$, what's the * fastest* way to combine $\mathbf{x}_0, \mathbf{x}_1, \ldots, \mathbf{x}_{v-1}$ into a single number, such that the operation is

*?*

**order-sensitive**E.g. say that $\hat+$ is some method of combining numbers (not necessarily addition, but we can define it however we want). The goal is to ...

Theoretically, is it secure to first encode a string using Base64 and then XOR it with a random key or are there potential weaknesses that could be exploited?

Obviously this doesn't make any sense in practice, but I was curious whether this would be just as secure as XORing and then Base64ing.

Side A generates 16 (high quality) random bytes and performs XOR with a 16-byte secret key, then data transfers to side B, where the same secret key is used to recover the original 16 random bytes.

Is there, by chance, a way to guess the secret key by intercepting the XORed data between sides?