Channel: User e-sushi - Cryptography Stack Exchange

Comment by e-sushi on Which is more secure?...

I’m putting this on hold based on our help center (quote): Do we accept basic level/homework questions? … Yes, we do. However, please provide an indication of what you are not understanding/need...

Comment by e-sushi on NIST temporarily closed — will that have a negative...

@forest Yep, the question never gets old. ;)

Comment by e-sushi on Best practices for saving encrypted user data without a...

First things first: I hope you're using TLS (read: HTTPS) for all of this?

Comment by e-sushi on Best practices for saving encrypted user data without a...

@kelalaka Just Flagged for mod attention as potential migration candidate towards Security.SE.

Comment by e-sushi on What should I use for consequent AES key derivation?

To find an answer to your comment question about the difference between hashes and HKDFs, check Q&As like this one. In short: KDFs must produce results that have certain randomness properties, and be...

Comment by e-sushi on Using Tweets as a Random seed

@dn3s Not a PRNG — but rather the output of a cryptographically secure hash, which takes its input from multiple hardware sources. And yes, it can be used for seeding purposes (assuming you're not...

Comment by e-sushi on Why would it be risky to let Huawei build 5G networks?

This question will attract answers which are primarily opinion-based; therefore I close-voted accordingly.

Comment by e-sushi on Why are password database breaches bad if cryptographic...

I'm voting to close this question as off-topic because it belongs to Security.SE due to its focus on the consequences of “leaks” and “breaches”. All in all, it is not cryptography as defined in the...

Comment by e-sushi on How cryptographically secure was the original WW2...

@Patriot That PDF link? Works for me, just tried it and it downloaded perfectly using both Chrome and Firefox on desktop, and even when using latest FF on Android. Maybe an ad blocking thing stopping...

Comment by e-sushi on Frequency analysis of transposition ciphers

@Patriot After 5 years, that link is indeed pointing into the void… but using my favorite search engine, I was able to dig up the PDF nevertheless and I’ve updated my answer with a Google Drive link to...

Comment by e-sushi on How to calculate min entropy of the output of PRNG?

@PaulUszak Since this is "cryptography StackExchange", it's safe to assume that when we talk about entropy, we are talking about cryptographic entropy. I hope that helps lift your (quote) "on going...

Comment by e-sushi on Are there ready-to-use software that can try many...

@Basj Killed my comment. I somewhat disagree about softwarerec being *that* useless for specialized tools, but since you got an answer that satisfied you, I sure don't want to be a party p00per....

Comment by e-sushi on Luby-Rackoff theorem confusion

@yyyy0000 You might want to check your browser and DNS settings, because that first link — which I have posted in my 2014 comment — is still alive and well. QED: i.stack.imgur.com/xXIDN.jpg (Note that...

Answer by e-sushi for Do any non-US ciphers exist?

Plenty of ciphers come out of the USA from government research or selection competitions. AES and DES are examples. Indeed, the US is known for some crypto-related competitions that were/are open to...

Does any public key crypto support and/or allow a 3rd party "control-key"?

My question is based on the following situation: Bob and Alice work for a company that expects them to exchange data encrypted. They could do so using regular public-key cryptography, but Joe (their...

Answer by e-sushi for How to attack RSA with 13 primes

Could give me method to attack RSA when N decomposes into multiple primes
First, factor N, e.g. using trial division or Pollard's rho. Next, compute the decryption exponent, or use the method described...

Answer by e-sushi for FIPS 140-2, Level 1 validation vs. compilation

You can convert/cross-compile the code, but that won’t port over any validation or even certification. In the end, a cross-compiled product is a new product – requiring revalidation. Unless such...

Answer by e-sushi for Writing your own Encryption algorithm?

If you really expect it to be … 100% uncrackable…
you’ll have to start by abandoning your “keep certain parts private” idea and assume that “the enemy knows the system”. See Kerckhoffs’ principles – Why...

Answer by e-sushi for Is it possible to crack a LFSR encrypted file without...

First up: a 5 bit LFSR is horribly small, so getting the initial seed which was used is a piece of cake. But indeed, it’ll basically boil down to a (rather quick) brute-force job where – unless that...

How exactly is "true randomness" defined in the realms of cryptography?

Especially in relation to stream ciphers, I frequently read about (sometimes theoretical, sometimes practical) attacks that are able to "distinguish a ciphertext from a truly random stream". What's...

Answer by e-sushi for Multiple Encryption - One-Time Pad

Even though you’re encrypting it in some way, you are reusing the key (aka "pad") and thereby violating the OTP definition. Per definition, OTP requires the “key“ to be…a truly random one-time pad...

Answer by e-sushi for How to interpret the article claiming NIST P-256 curve...

Quoting CodesInChaos: P256 is secure, it just lacks some nice-to-have features that make writing a fast and secure implementation easier.

Answer by e-sushi for Is it possible for a cryptographic algorithm to limit...

At first, I tended to agree with @fgrieu that this is not really a "cryptography" question. If so, it would belong more in the general information security corner, because – generally – the problem...

Answer by e-sushi for How can I create a stream cipher from a block cipher?

Assuming k is the key (128 bit) and m is the message (128 bit), how can I use the block cipher blockenc(k,m) to make a stream cipher…
Probably the easiest way to achieve that would be to use Counter...

Answer by e-sushi for Is there a consensus on what text encoding to use when...

The consensus is: a hash generally expects binary bits as input (practically, most implementations therefore handle it using binary bytes, aka 8-bit unsigned chars in the range 0x00-0xFF) and it will...

Answer by e-sushi for Decrypting SHA-512

A cryptographic hash function like SHA-512 is a “one-way compression function” – so it can not simply be “decrypted” with some tool. Instead, when you are trying to “break“ a hash output like the hex...

When is an RNG a CSPRNG, a CSRNG, or a TRNG?

In a recent answer to a question about CSPRNGs, it was stated that…
Nondeterministic algorithms where there is no such requirement, and ideally could be replaced by a true random generator. Example:...

Answer by e-sushi for Size of A Hashed String Using SHA-512

When hashing a message of size n, does the SHA2 algorithm always produce the same sized hashed value?
SHA-2 output is always fixed. SHA-512 will always produce a message digest of 512 bits – hence...

Answer by e-sushi for If you wrote a reversible SHA-256 algorithm, how many...

If you wrote a reversible SHA-256 algorithm, how many "metadata" bits would be required for reversibility?
If you would write such an algo, it would not be SHA-256 anymore. Also, it would lose its...

Answer by e-sushi for How does one verify a GPG/PGP key revocation?

How does one verify a key revocation?
As Jon Callas already stated: you simply don’t. In case a different wording helps, here’s a quote related to the exact same...

Proof for the SHA3 claim that 256 bit security is "post-quantum sufficient"?

On page 14 of "Keccak and the SHA-3 Standardization" (February 6, 2013) it says:
Instantiation of a sponge function
the permutation KECCAK-f
7 permutations: b → {25,50,100,200,400,800,1600}
Security-speed...

Is the software that uses PGP broken, or is it PGP itself?

PGP is all over the news (even on TV) and there seems to be a lot of confusion about it. For the time being, people face articles like Attention PGP users: new vulnerabilities require you to take action...

Answer by e-sushi for What changed in PKCS#1 v2.2, and why?

It's merely an update to align the hashing algorithms. There are in fact no real "consequences" which might have any negative impact as the v2.1 schemes are still supported. The positive impact is the...

Answer by e-sushi for Can someone give me an example of a Merkle–Damgård...

You get it wrong when saying
Since input-output = # of blocks, the 6-bit input should be divided into two blocks, each with the 3-bits
because you have a …compression function that takes inputs of 4-bits...

Answer by e-sushi for Desirable S-box properties

Desirable Properties
For simplicity, I’m skipping some of the details here… but the main criteria of a good s-box are:
It should have balanced component functions,
The non-linearity of its component...

What stops the Multiply-With-Carry RNG from being a Cryptographically Secure...

Despite the fact that Marsaglia's MWC PRNG (multiply-with-carry random number generator) is considered to be "the mother of all RNGs", it does not seem to be considered to be a CSPRNG...

Do any (non-hardware) RNGs exist which could be used to create an OTP for...

I've stumbled (jobwise) over a system where small messages (512 Bytes or less) are encrypted and decrypted using a simple XOR using an OTP. That OTP is created using a seed based on the individual user...

When NIST disallows the use of 1024-bit keys, what effect will that have on...

Quoting the article Gone in 60 Months or Less: The National Institute of Standards and Technology (NIST) has disallowed the use of 1024-bit keys after 31 December 2013 because they are insecure. Rapid...

Answer by e-sushi for What is it meant by a "hybrid argument"?

Quoting from "On beating the hybrid argument" (by Bill Fefferman, Ronen Shaltiel, Christopher Umans and Emanuele Viola; 2012): The hybrid argument allows one to relate the distinguishability of a...

Is this really the correct way to do an IND-CPA test?

In a description of IND-CPA (indistinguishability under the chosen plaintext attack), I have been reading the following, simple test: The adversary can generate as many messages as he wants. Then, he...

Answer by e-sushi for Do I need to use a CSPRNG when creating salts for user...

Answering your question
If an attacker has access to a copy of my users database table containing each salt and the related salted password, I can't understand how a CSPRNG would be more secure than a...

What criteria make the theta step of Keccak's round function reversible?

From what I've been reading, Keccak's round function is reversible. That's pretty obvious for the $\rho$, $\pi$ and $\iota$ transforms. For $\chi$ to be reversible, $x$'s range has to be odd — but...
