Questions tagged [cryptography]

Cryptography is the practice and study of logical means used to achieve information confidentiality, integrity and authenticity. It covers, among other things, encryption (making some data unreadable except for those who know a given secret element, called a key), data hashing (in particular for password storage) and digital signatures (provable integrity and authenticity with non-repudiation).

10 votes
3 answers
3k views

Determining Entropy in PHP

I am using the following code in my code to send a password reset token to a user. $token = md5($user_id . time()); Why is this considered a bad approach, being cited as it has weak entropy? The ...
Johnny
  • 285
0 votes
1 answer
81 views

Decrypting base2i encryption? [closed]

We all know base64, which can be easily decoded, but there's also base2i encryption. Yes, the base is a complex number. I can only find very limited resources online about this. I'm wondering how can ...
No Name
  • 227
1 vote
2 answers
59 views

How does the key distribution center (KDC) distribute the session key in symmetric encryption?

When A communicates with B using third party KDC: A issues a request to the KDC for a session key; the message includes the identity of A and B and a nonce, N1. KDC responds with a message encrypted ...
ralhanani
3 votes
0 answers
67 views

Security concerns when adding virtual keys to an existing system relying on physical DESfire keys

Imagine a room shared by many people that can obtain a key to the room, once they meet a certain set of requirements. The room has an electronically controlled door lock, which can be locked and ...
Daniel
  • 131
0 votes
1 answer
41 views

Can ML-KEM be used for other purpose than exchanging AES GCM keys?

After checking implementation of ML-KEM, I believe the main purpose is to replace Diffie-Hellman RSA key exchange with some more secure method. If AES-GCM is chosen as the secret key to exchange, how ...
user25753955
2 votes
2 answers
101 views

How do I capture HTTPS requests with Python if I have full access to the user's computer

Before any of you answer, "HTTPS is built on top of TLS and everything is encrypted" I need to specify a very important note: I have FULL access to the client's machine (Windows) My ...
Advik
  • 21
2 votes
1 answer
239 views

How does JWE secure the Content Encryption Key

I apologise in advance if this is a dumb question. But this seems like one of those straightforward things that are so straightforward that it's not even mentioned and I am not getting it. Perhaps I ...
theMyth
  • 123
3 votes
2 answers
422 views

In practice, what are the identities in the Needham–Schroeder protocol?

In the Needham–Schroeder public-key protocol we have the identities A and B of Alice and Bob, respectively. The initial version of the protocol was vulnerable to a MitM attack where the fix consists ...
Daniel C
  • 709
1 vote
1 answer
41 views

In TLS1.3 server hello can the legacy version field be set to 0x0304

As part of TLS1.3 handshake client hello sent containing the TLS1.3 version support as part of supported_versions extension, consider if as part of server hello supported_versions extension is not ...
hjhjh
  • 51
1 vote
0 answers
33 views

Can linear congruential generator be used in public-key cryptography? [closed]

The question is not about generating pseudo-random numbers with linear congruential generator. A linear congruential generator (LCG) is defined by the recurrence relation: [ X_{n+1} = (a X_n + c) \mod ...
Ivan Stepanov
5 votes
2 answers
2k views

What exactly is the Randstorm vulnerability?

I've read the article from Unciphered about it, multiple times, and still fail to understand it. It basically says that wallets generated by the BitcoinJS front-end library from 2011 to 2015 are ...
Maltoon Yezi
1 vote
1 answer
129 views

What should be the response of KeyUpdate if the initial KeyUpdateRequest is set to update_not_requested, not update_requested

"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys." "If the request_update field is set to "update_requested", ...
hjhjh
  • 51
2 votes
2 answers
78 views

Security Risks of Deriving Crypto Wallet Seed Phrases Using Deterministically Derived Salt

I'm working on a project where I want to generate a set of crypto wallet seed phrases from an existing seed phrase. The reason for this is so that using just the original seed phrase the wallet holder ...
jgy
  • 21
1 vote
0 answers
41 views

Security considerations in choosing DTLS connection IDs

Are there any security concerns with choosing highly structured or short connection IDs for use in DTLS? For example: 32bit connection IDs handed out sequentially: There is obviously statistical data ...
Perseids
  • 262
2 votes
1 answer
61 views

Why is the "intermediate" challenge needed in Bluetooth ECDH since the "real" verification is performed at the end with code comparison?

Why is step 4 needed? What does it protect in terms of security? Doesn't the protection arrive from the last step so when Va and Vb (so called TK, Temporary Keys) are compared? Other thing: I read ...
allexj
  • 129
