All Questions

1 vote
1 answer
81 views

Security of this MAC scheme

I'm studying for a cryptography exam, and I have this question from a past exam: Consider the MAC with key $k$, based on a block cipher $E_{(k)}$ with block size $n$, and a collision-resistant hash ...
cantrell11
0 votes
1 answer
75 views

Safe implicit value validation: $H_k(k \oplus m) \sim H_k(m)$?

$H_k$ is a cryptographic hash function that's keyed using a section of key material $k$ (for whatever definition of "keyed" that's appropriate for the given hash function $H$). Are the ...
aiootp • 814
6 votes
3 answers
1k views

Does symmetric key cryptography usually include hash function?

This may be a very basic question. I know that symmetric key algorithms use the same key to encrypt and decrypt plaintext and ciphertext. However, it seems that hash functions are often classified as ...
pioneer • 325
0 votes
0 answers
42 views

Asymmetrical scheme: insecurity concerns of saving a hash of a hash of a password

Please verify or explain how to do this properly. I'm letting a user create keys from the client through a secure server. I ask the user for a password on the client, then send the hashed password to ...
irth • 109
0 votes
1 answer
109 views

Standard way to generate pseudorandom bytes on demand

I considered Extendable-Output Function (XOF) with a random seed but it seems I would have to specify the output length at the start and store the entire output. I don't know how many bytes I will ...
Myath • 845
0 votes
1 answer
113 views

Objective block cipher round function measures of security

One issue that may arise when attempting to evaluate the security of a round function for a block cipher is that the analysis of the round function does not treat the round key space and the message ...
Joseph Van Name
0 votes
0 answers
66 views

Decrypt one cipher with multiple and independent passwords

Consider that an online shop subscribes an embedded external service for their customers. This external webpage is accessible through a clickable banner on the online shop. On the subscription area of ...
kairos • 113
2 votes
4 answers
1k views

Cons for stream ciphers that are based on hash functions

In an answer here, someone mentions: if you have a hash-function-with-oracle-powers, then it is rather easy to generate a pseudo random stream from a secret key, by hashing K||n where K is the ...
Gamer2015 • 236
1 vote
1 answer
135 views

Encrypting h(k) for defeating partition oracle attacks

Is encrypting $h(k)$ (or even just $k$) and verifying it before checking the MAC enough to defeat partition oracle attacks and thus make the whole scheme robust/committing (without depending on ...
augustus
2 votes
1 answer
285 views

Could a symmetric encrypted communication with a SHA-512 hash still be manipulated?

I just got back from an exam review and there was a question I remembered that I apparently got wrong. I wonder if someone could help me with this, since it bothers me. The question was something like ...
user2762996
0 votes
1 answer
72 views

The magic box puzzle: How to implement a verifiable self-contained secret system?

Imagine we have a magic box that will open only if we pronounce the secret words. Everybody at the beginning of the game has some verifiable proof of the correct secret words. During the first phase ...
Veilkrand • 103
6 votes
1 answer
7k views

AES: Why is it a good practice to use only the first 16 bytes of a hash for encryption?

I'd like to encrypt text with AES/CTR and a password defined by the user in Java. I already checked the internet (and Stack Overflow) for answers. The most used version is to hash the user password ...
firendlyQuestion
1 vote
1 answer
131 views

OAEP security with variable length hash function

I'm implementing a hobby cryptosystem for fun and to increase my knowledge on the subject, and I was wondering if the OAEP construct was still sufficient as an all-or-nothing-transform if variable ...
ThePlasmaRailgun
0 votes
1 answer
154 views

Hash ratchets with truncating hash function

I'm working on a forward secret messaging system that relies on hash ratchet. I'm using BLAKE2b as the one-way function, which by default produces 512-bit digests. These digests are truncated by my ...
maqp • 61
2 votes
0 answers
603 views

The right way to encrypt sensitive data with an user password

I am developing something like 1Password and I want to be sure that the method that I use is secure. The main idea of the app is storing user passwords, and it is protected with a global master password. Main ...