Subscribe to Cryptography feed

Anyone have some advice?

Sun, 01/14/2018 - 15:56

What would be a good place to start in order to become a cryptographer?

submitted by /u/juli62
Categories: Information Security

Why do we need steps 4 and 5 in Symmetric Needham-Schroeder?

Sun, 01/14/2018 - 12:01

Symmetric Needham-Schroeder aims to establish a secret key between two parties A and B and it uses a trusted server S.

  1. A->S: A, B, Na

  2. S->A: {Na, Kab, B, {Kab, A}Kbs}Kas

  3. A->B: {Kab, A}Kbs

  4. B->A: {Nb}Kab

  5. A->B: {Nb - 1}Kab

What is the point of steps 4 and 5? By this protocol only A could've got {Kab, A}Kbs to send to B and if Kbs is not compromised then what's the point for B to make sure that A has the Kab?

submitted by /u/gleb09
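The five messages above, run end to end as an added example (not part of the post). It simulates S, A and B with a toy authenticated encryption standing in for {...}K, then replays a recorded message 3 to a fresh B twice: once by an attacker who does not hold Kab, and once by an attacker who has obtained the old Kab. The first replay fails at step 5, which is what steps 4 and 5 buy: B learns that whoever delivered the ticket can use Kab right now, rather than just holding a blob that only S could have produced at some point. The second replay succeeds, which is the known Denning and Sacco (1981) observation that the nonce handshake proves possession of Kab but not its freshness. The cipher construction, the JSON message layout and the names are this example's own assumptions.

```python
import hashlib
import hmac
import json
import os

# Toy authenticated encryption standing in for {...}K: SHA-256 counter-mode keystream plus an
# HMAC tag. Illustration only (assumed construction); real code would use AES-GCM or ChaCha20-Poly1305.
def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def enc(key: bytes, fields: dict) -> bytes:
    pt = json.dumps(fields).encode()
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def dec(key: bytes, blob: bytes) -> dict:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, iv + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct)))))

def nonce() -> int:
    return int.from_bytes(os.urandom(8), "big")

class Server:                        # S shares a long-term key with every principal
    def __init__(self, keys): self.keys = keys
    def step2(self, a, b, na):       # S->A: {Na, Kab, B, {Kab, A}Kbs}Kas
        kab = os.urandom(32)
        ticket = enc(self.keys[b], {"kab": kab.hex(), "a": a})
        return enc(self.keys[a], {"na": na, "kab": kab.hex(), "b": b, "ticket": ticket.hex()})

class Alice:
    def __init__(self, name, kas): self.name, self.kas = name, kas
    def step1(self, b):              # A->S: A, B, Na
        self.b, self.na = b, nonce()
        return self.name, b, self.na
    def step3(self, msg2):           # A->B: {Kab, A}Kbs
        m = dec(self.kas, msg2)
        if m["na"] != self.na or m["b"] != self.b:
            raise ValueError("reply is not for this run")
        self.kab = bytes.fromhex(m["kab"])
        return bytes.fromhex(m["ticket"])
    def step5(self, msg4):           # A->B: {Nb - 1}Kab
        return enc(self.kab, {"nb": dec(self.kab, msg4)["nb"] - 1})

class Bob:
    def __init__(self, name, kbs): self.name, self.kbs = name, kbs
    def step4(self, ticket):         # B->A: {Nb}Kab
        t = dec(self.kbs, ticket)
        self.kab, self.peer, self.nb = bytes.fromhex(t["kab"]), t["a"], nonce()
        return enc(self.kab, {"nb": self.nb})
    def accept(self, msg5) -> bool:  # B checks that the sender of the ticket can use Kab *now*
        try:
            return dec(self.kab, msg5)["nb"] == self.nb - 1
        except ValueError:
            return False

def run_scenarios() -> dict:
    kas, kbs = os.urandom(32), os.urandom(32)
    s, a, b = Server({"A": kas, "B": kbs}), Alice("A", kas), Bob("B", kbs)
    msg1 = a.step1("B")
    msg2 = s.step2(*msg1)
    msg3 = a.step3(msg2)             # Mallory records this ticket off the wire
    msg4 = b.step4(msg3)
    msg5 = a.step5(msg4)
    honest = b.accept(msg5)

    # Replay 1: Mallory resends the old ticket to B but does not hold Kab. She cannot read
    # B's challenge from step 4, so the best she can do in step 5 is send garbage.
    b2 = Bob("B", kbs)
    m4 = b2.step4(msg3)
    replay_without_kab = b2.accept(os.urandom(len(m4)))

    # Replay 2: the old session key has leaked (Denning and Sacco, 1981). Steps 4 and 5 only
    # prove knowledge of Kab, not that Kab is fresh, so B accepts a stale key.
    b3 = Bob("B", kbs)
    m4 = b3.step4(msg3)
    replay_with_leaked_kab = b3.accept(enc(a.kab, {"nb": dec(a.kab, m4)["nb"] - 1}))

    return {"honest": honest,
            "replay_without_kab": replay_without_kab,
            "replay_with_leaked_kab": replay_with_leaked_kab}
```

Without steps 4 and 5, B would start using Kab on receipt of message 3 alone, and the first replay would already succeed; with them, the attacker needs Kab itself, which is exactly the gap the Denning and Sacco timestamp fix (and later Kerberos) closes.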

Encipherment method question.

Sat, 01/13/2018 - 11:15

I have been playing with cryptography for a while, definitely not an expert. I would love to solve Kryptos though!

I was wondering if anyone could describe the method used for a single letter of plaintext being encoded into 3 letters? I have googled and can't seem to find anyone using this method.

Security is not an issue, if it is breakable that is fine, but I would love to find a simple program that could turn "A" into "ACH" as an example and decode it as well.


submitted by /u/drazil91

Asymmetric, symmetric, and...?

Fri, 01/12/2018 - 17:28

CS student here. We're studying algorithms behind symmetric/asymmetric key algorithms.

I was curious - is there any alternative to the above? I couldn't imagine so, as it boils down to the nature of communication (digital, person-to-person, what-have-you): in a message, you only have a sender and recipient. The recipient could be a group of people (even everyone, perhaps), which would mean that each of those parties has one side of an asymmetric key (or shares a symmetric one).

The only alternative I could think of would be a three key system, such that the third key had the ability to verify senders/message contents, without having access to the actual message. Even then, though, it wouldn't ensure that either party is just sending garbage. Furthermore, that could be accomplished with a number of asymmetric keys.

Therefore, are there any alternatives to the above options?

submitted by /u/a_p3rson

Help on a question

Fri, 01/12/2018 - 14:02

I am designing a protocol between Alice and Bob, who are entities in a multi-level system; Bob is the only entity in the system allowed to read message M other than Alice. The server can issue symmetric session keys for this particular session only, Alice and Bob can only use public key cryptography, and there are no longer any long-term symmetric keys present.

The protocol should guarantee that Alice is oblivious to whether Bob has failed or succeeded in viewing the message. The server should be able to distinguish different sessions of the protocol. This should not exceed 5 steps.

Any help on how to design a protocol like this?

submitted by /u/warnet123

Cryptography Discord

Fri, 01/12/2018 - 11:38

Dear r/cryptography!

You are invited to the first ever cryptography community on discord! We are looking to build a friendly community of people sharing, cracking and discussing ciphers, cryptography, and cryptocurrency. You can join for free, here:

kdyh ixq!

submitted by /u/MrNoxXi

Minimizing the damage when a signing key is stolen.

Fri, 01/12/2018 - 11:00

Let's say we have a server whose job is to sign documents using a secret key. Let's say that there's a bug in the software and the secret key gets stolen. I'm interested in mechanisms to mitigate the damage.

Q1: Instead of giving the server a single secret key, you'd give it a sequence of secret keys. The node signs doc1 with key1, doc2 with key2, etc. When it's done with a key, it throws out the key completely, so that key can't be stolen any more. There must be some mechanism to procedurally generate the sequence of keys, but I don't know the name of the technique to google it. Anybody know what this is called?

Q2: are there any other cool techniques that can be used to protect the secret keys?

submitted by /u/joshyelon
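The property Q1 describes (a compromise today must not endanger signatures made yesterday) is what the literature calls forward security, and the key sequence is produced by key evolution. The following is an added example, not code from the post: a hash-based one-time signature (Lamport) whose per-document key pair is derived from an epoch state, where the state is evolved by a one-way hash and the previous state is overwritten. The verifier holds the list of per-epoch public keys computed up front (a Merkle root over them would do in practice). Stealing the live state lets the attacker sign under the current and all future epochs, but not under past ones, since that would require inverting SHA-256. The derivation labels, the epoch count and the demo documents are this example's own assumptions; it is a teaching construction, not a production scheme.

```python
import hashlib
import hmac
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def next_state(state: bytes) -> bytes:
    """One-way key evolution: state_{i+1} = H("evolve" || state_i) (assumed label).
    From state_{i+1} alone, state_i cannot be recovered."""
    return H(b"evolve" + state)

def ots_keypair(state: bytes):
    """Derive one Lamport one-time key pair deterministically from an epoch state.
    Secret key: 256 pairs of 32-byte values; public key: their SHA-256 hashes."""
    sk = []
    for j in range(256):
        s0 = hmac.new(state, b"ots" + bytes([j]) + b"\x00", hashlib.sha256).digest()
        s1 = hmac.new(state, b"ots" + bytes([j]) + b"\x01", hashlib.sha256).digest()
        sk.append((s0, s1))
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def ots_sign(sk, message: bytes):
    """Reveal, for each bit of SHA-256(message), the matching half of the secret pair."""
    digest = int.from_bytes(H(message), "big")
    return [sk[j][(digest >> (255 - j)) & 1] for j in range(256)]

def ots_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    digest = int.from_bytes(H(message), "big")
    return all(H(sig[j]) == pk[j][(digest >> (255 - j)) & 1] for j in range(256))

def publish_keys(initial_state: bytes, epochs: int):
    """Verifier-side list of per-epoch public keys, computed once before the signer goes live."""
    pks, state = [], initial_state
    for _ in range(epochs):
        pks.append(ots_keypair(state)[1])
        state = next_state(state)
    return pks

class ForwardSecureSigner:
    """Holds only the current epoch state; signs one document per epoch, then evolves and forgets."""
    def __init__(self, initial_state: bytes):
        self.state = initial_state
        self.epoch = 0
    def sign(self, message: bytes):
        sk, _ = ots_keypair(self.state)
        sig = ots_sign(sk, message)
        self.state = next_state(self.state)   # old state is overwritten: no way back
        self.epoch += 1
        return sig

def demo() -> dict:
    seed = os.urandom(32)
    pks = publish_keys(seed, epochs=4)
    signer = ForwardSecureSigner(seed)
    sig1 = signer.sign(b"doc1")               # epoch 0
    sig2 = signer.sign(b"doc2")               # epoch 1
    stolen = signer.state                     # compromise happens here: attacker copies epoch-2 state
    sk_future, _ = ots_keypair(next_state(stolen))   # attacker can roll forward to epoch 3 ...
    sk_now, _ = ots_keypair(stolen)                  # ... and sign in epoch 2 ...
    return {
        "doc1_ok": ots_verify(pks[0], b"doc1", sig1),
        "doc2_ok": ots_verify(pks[1], b"doc2", sig2),
        "doc1_wrong_epoch": ots_verify(pks[1], b"doc1", sig1),
        "forge_future": ots_verify(pks[3], b"forged", ots_sign(sk_future, b"forged")),
        "forge_past": ots_verify(pks[0], b"forged", ots_sign(sk_now, b"forged")),  # ... but not in epoch 0
    }
```

The thing to notice is what the signer does not keep: once `sign` returns, nothing on the box can reproduce the key that signed doc1, so the bug in the software can leak at most the current and future epochs. The attacker still gets the current epoch's one-time key, so the signer must also keep its epoch counter honest (signing twice with one Lamport key leaks enough to forge). Stateful hash-based schemes such as XMSS and LMS industrialise exactly this idea.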

can someone help me with this?

Fri, 01/12/2018 - 02:45

I have encountered a code that I can't solve. Would anyone care to lead me on how to decrypt it?


submitted by /u/LoliGoose

HMAC vs salt

Wed, 01/10/2018 - 09:21

I know these kinds of questions have been asked a lot but I've been searching around and haven't found this exact one. This is more of an academic question as I know that neither of the solutions below are suitable for real world use (a password-based key derivation function, such as PBKDF2, would be much better for example).

Let's say I have a user password that I want to store in a database and have generated a random salt/key to go with it. Below are a couple of (not particularly good) ways I could do it:

  1. I can combine the password and the salt (the random key) like this HASH(password + salt) and store the hash and the salt in the database. To brute force this, I would have to re-create my rainbow tables with all the passwords appended with the salt.

  2. Alternatively, I could use an HMAC function to generate the hash, e.g. HMAC(password, key/salt). Again I can store the password and the salt and am able to verify a user's password in a similar way to the above method.

My question is how, as an attacker, is the HMAC solution any easier/harder to brute force than the straightforward hash and salt? All I can find anyone saying online is that HMAC shouldn't be used as the key should be secret. No one really explains why. I've looked at the implementation of HMAC and Wikipedia says it's this:

hash(o_key_pad ∥ hash(i_key_pad ∥ message)) //Where ∥ is concatenation

This basically looks like the password + salt approach with an extra step, so why use one over the other?


submitted by /u/Antonio_el_tigre
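Both schemes from the post, attacked with the same stolen database row, as an added example (not code from the post). When the salt is in the row, the attacker can evaluate either function once per guess, so the two fall in the same number of guesses; HMAC only changes the constant (two hash invocations per guess instead of one). The third variant keys the HMAC with a pepper that is not stored in the database, which is the case where "the key should be secret" matters: the attacker cannot test guesses at all without it. The wordlist, the password and the pepper handling are this example's own assumptions.

```python
import hashlib
import hmac
import os

def store_hash(password: bytes, salt: bytes) -> bytes:
    """Scheme 1 from the post: HASH(password || salt), salt stored next to the hash."""
    return hashlib.sha256(password + salt).digest()

def store_hmac(password: bytes, salt: bytes) -> bytes:
    """Scheme 2 from the post: HMAC keyed with the salt, salt stored next to the hash."""
    return hmac.new(salt, password, hashlib.sha256).digest()

def store_peppered(password: bytes, salt: bytes, pepper: bytes) -> bytes:
    """Variant (assumed): HMAC keyed with a secret pepper kept outside the database
    (config file, KMS, HSM); the per-user salt still goes into the message."""
    return hmac.new(pepper, salt + password, hashlib.sha256).digest()

def dictionary_attack(stored: bytes, salt: bytes, scheme, wordlist):
    """Offline attack on one stolen row (hash + salt). Returns (guesses made, password or None)."""
    for n, guess in enumerate(wordlist, 1):
        if hmac.compare_digest(scheme(guess, salt), stored):
            return n, guess
    return len(wordlist), None

# Constructed wordlist for the demo; a real attacker would use millions of entries.
WORDLIST = [b"123456", b"password", b"hunter2", b"letmein", b"qwerty"]

def compare_schemes(secret: bytes = b"hunter2", wordlist=WORDLIST) -> dict:
    salt, pepper = os.urandom(16), os.urandom(32)
    row_hash = store_hash(secret, salt)
    row_hmac = store_hmac(secret, salt)
    row_pep = store_peppered(secret, salt, pepper)
    # The attacker has the row (so the salt) but not the pepper; her only option is to
    # guess the password under some wrong key, which never matches.
    wrong_pepper = os.urandom(32)
    return {
        "hash": dictionary_attack(row_hash, salt, store_hash, wordlist),
        "hmac": dictionary_attack(row_hmac, salt, store_hmac, wordlist),
        "peppered": dictionary_attack(
            row_pep, salt, lambda g, s: store_peppered(g, s, wrong_pepper), wordlist),
    }
```

Neither of the first two schemes slows the attacker down per guess, which is why a deliberately expensive function (PBKDF2, scrypt, Argon2) is the real fix; a pepper is a complement to that, not a substitute, since a pepper that leaks with the database is just another public salt.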


Tue, 01/09/2018 - 19:53

33 36 20 36 34 20 32 30 20 33 36 20 33 31 20 32 30 20 33 37 20 33 33 20 32 30 20 33 32 20 33 30 20 32 30 20 33 36 20 36 35 20 32 30 20 36 33 20 33 33 20 32 30 20 36 31 20 33 33 20 32 30 20 33 36 20 36 36 20 32 30 20 33 32 20 33 30 20 32 30 20 33 37 20 33 30 20 32 30 20 33 36 20 33 31 20 32 30 20 33 37 20 33 32 20 32 30 20 33 36 20 33 31 20 32 30 20 33 32 20 33 30 20 32 30 20 33 37 20 33 36 20 32 30 20 33 36 20 36 36 20 32 30 20 33 36 20 33 33 20 32 30 20 36 33 20 33 33 20 32 30 20 36 31 20 36 31 20

who can help me to resolve that?

submitted by /u/JackBowln
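The byte string in this post is plain hex encoding applied three times over: every pair decodes to an ASCII hex digit or a space, and only the third decoding yields text (UTF-8, with two multi-byte characters). The decoder below is an added example, not part of the post; it peels hex layers until the output stops looking like hex pairs, and embeds the post's own ciphertext as its input. The layer limit and the latin-1 fallback are this example's own choices.

```python
import re

HEX_PAIR = re.compile(r"^[0-9a-fA-F]{2}$")

def looks_like_hex_pairs(text: str) -> bool:
    tokens = text.split()
    return bool(tokens) and all(HEX_PAIR.match(t) for t in tokens)

def decode_layer(text: str) -> str:
    raw = bytes(int(t, 16) for t in text.split())
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")   # fallback so binary-ish layers still display

def peel_hex(text: str, max_layers: int = 10) -> list:
    """Repeatedly hex-decode until the result no longer looks like hex pairs.
    Returns every layer, outermost first; max_layers guards against short words
    that happen to look like hex ("ad be") being decoded once too often."""
    layers = [text]
    while looks_like_hex_pairs(layers[-1]) and len(layers) <= max_layers:
        layers.append(decode_layer(layers[-1]))
    return layers

# The post's ciphertext, copied verbatim.
CIPHERTEXT = (
    "33 36 20 36 34 20 32 30 20 33 36 20 33 31 20 32 30 20 33 37 20 33 33 20 32 30 20 "
    "33 32 20 33 30 20 32 30 20 33 36 20 36 35 20 32 30 20 36 33 20 33 33 20 32 30 20 "
    "36 31 20 33 33 20 32 30 20 33 36 20 36 36 20 32 30 20 33 32 20 33 30 20 32 30 20 "
    "33 37 20 33 30 20 32 30 20 33 36 20 33 31 20 32 30 20 33 37 20 33 32 20 32 30 20 "
    "33 36 20 33 31 20 32 30 20 33 32 20 33 30 20 32 30 20 33 37 20 33 36 20 32 30 20 "
    "33 36 20 36 36 20 32 30 20 33 36 20 33 33 20 32 30 20 36 33 20 33 33 20 32 30 20 "
    "36 31 20 36 31 20"
)

def solve() -> str:
    return peel_hex(CIPHERTEXT)[-1]
```

`peel_hex(CIPHERTEXT)` returns four strings: the input, "36 64 20 36 31 ...", "6d 61 73 20 6e c3 a3 ...", and the Portuguese sentence the last layer spells out. The pattern to recognise by eye is that every pair is 20, 3x or 6x, which is the ASCII range of a space, a digit and a lowercase letter.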

Best encryption to implement for application development?

Tue, 01/09/2018 - 15:49

I am writing a program (.net, c#) that stores some sensitive user data to a file, and I want to make sure that it is encrypted.

Are there any recommended encryption libraries / dlls that I should be using? Preferably something open source.

Thank you!

submitted by /u/primo_pastafarian

Need help with a Ciphertext

Mon, 01/08/2018 - 21:56

I'm not very good at doing this type of stuff yet, but I know it's not a simple cipher and it could be a 32-bit conversion of some sort, but I've been coming up dry on all fronts that I've tried. If anyone can lead me through the process as well as telling me the answer, that would be awesome.


submitted by /u/DanceBurgerDance

An odd thought on using AES with rotating input ciphers:

Mon, 01/08/2018 - 12:56

Background: dm-crypt on linux actually hashes whichever key(512bit max)/keyfile (8MiB max) for use in encrypting hard drives.

Academic papers show AES can be broken with related key attacks.

Goal: every 8MiB of hard drive space should have its own hopefully distinct keystream in an effort to starve cryptanalysts of data. AES is chosen because of robust hardware support. Each 8MiB of HDD will be referred to as a distinct cipher block (dcb).

Harebrained scheme: use an 8MiB master key, wrapping around to the beginning as necessary. Move the key-beginning one bit over within the Master Key for each dcb. This dcb-specific key will be defined as the dcb-key.

So far, this sounds like it should be weak to related-key analysis.

Caveat: reduce the iteration count from the dm-crypt recommended 1000-2000 (each contains AES256's 14 rounds) to something much simpler. I wanna see if 1-100 would be sufficient, since we're only using each dcb-key for 8MiB. Then use the relative glut of processor time to hash each dcb-key on its way into the AES function.

As hash functions can be used as Random Number Generators, this seems ideal. Would we still expose ourselves to related-key attacks? Would such an attack on such a scheme be a way to hunt for weaknesses in the hashing algorithm? What weaknesses does this approach have?

submitted by /u/Pzazz

Thoughts on this Ars Technica article on cryptography?

Sun, 01/07/2018 - 10:09


I'm trying to understand elliptic curve cryptography but I got stuck in the beginning already:

It turns out that if you have two points, an initial point "dotted" with itself n times to arrive at a final point, finding out n when you only know the final point and the first point is hard. To continue our bizarro billiards metaphor, imagine that one person plays our game alone in a room for a random period of time. It is easy for him to hit the ball over and over following the rules described above. If someone walks into the room later and sees where the ball has ended up, even if they know all the rules of the game and where the ball started, they cannot determine the number of times the ball was struck to get there without running through the whole game again until the ball gets to the same point. Easy to do, hard to undo.

Shouldn't this be easy to do, easy to undo? You just have to run through the whole game again. So the decrypting attacker has to do the same amount of work as the encryptor.

Further on in the article I get stuck again. Am I such an idiot or are there better explanations on ECC available?

submitted by /u/korben_manzarek
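The step the billiards metaphor skips is that the person in the room does not hit the ball n times. With point doubling available, nP is computed by double-and-add in about log2(n) group operations, while someone who only sees P and nP has to walk through the multiples one by one (or, with the best generic algorithms, roughly sqrt(n) steps, which for a 256-bit n is still about 2^128). The following added example, not from the post or the article, implements point addition on a short Weierstrass curve and counts operations both ways for a small n so the gap is visible; it uses the secp256k1 parameters, which are an assumption of this example, and any prime-order curve would behave the same.

```python
# Curve y^2 = x^3 + A*x + B over GF(P); secp256k1 parameters assumed for this example.
P = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None   # the point at infinity, the group identity

def on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Group law: chord-and-tangent addition, with doubling and the identity handled."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:     # p2 == -p1
        return INF
    if p1 == p2:                             # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                    # chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(n: int, pt):
    """Double-and-add: returns (n*pt, number of group operations spent), about 2*log2(n)."""
    result, addend, ops = INF, pt, 0
    while n:
        if n & 1:
            result = add(result, addend)
            ops += 1
        addend = add(addend, addend)
        ops += 1
        n >>= 1
    return result, ops

def brute_force_log(target, pt, limit: int = 1_000_000):
    """The attacker's view from the post: step through P, 2P, 3P, ... until the target appears.
    Costs one group operation per candidate n (and infeasible for a 256-bit n)."""
    cur = INF
    for k in range(1, limit + 1):
        cur = add(cur, pt)
        if cur == target:
            return k
    return None

def demo(n: int = 1000) -> dict:
    q, ops_forward = scalar_mult(n, G)
    recovered = brute_force_log(q, G, limit=10 * n)
    return {"point_on_curve": on_curve(q), "ops_forward": ops_forward,
            "recovered_n": recovered, "ops_backward": recovered}
```

For n = 1000 the forward direction takes 16 operations (10 doublings and 6 additions, one per set bit of 1111101000b), while stepping back to n takes 1000; double the bit length of n and the forward cost grows by a handful of operations while the backward cost squares. That asymmetry, not "the same amount of work", is the whole point.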

Masternode server help

Sun, 01/07/2018 - 06:55

Hello Reddit!

I wanna set up a masternode server for GoaCoin. What do I need in terms of hardware? I have some spare parts lying around here, which include:

  - MOBO: Asus Sabertooth R3.0
  - CPU: AMD FX 8350
  - RAM: 8 GB @ 1666 MHz
  - GPU: GTX 1050
  - SSD: 120 GB
  - CASE: Corsair 750D Airflow

Will this be enough? I can't seem to find good info about this, and in FB groups the only term they know is DYOR, even when you already did your own research. Also, if anyone has experience with GoaCoin, feel free to share your knowledge and experience with me! If you wanna contact me through e-mail that's fine, but we will exchange them in private.

submitted by /u/Dionysher

Ehav Nuf

Sun, 01/07/2018 - 00:21

I have a cypher that I need help with please.

Sat, 01/06/2018 - 22:44

It is VERY long and I don’t want to paste it here but someone may know the exact way to decrypt it since I was told it wasn’t that hard. There are groupings of 8 characters that are A-F and 1-9 and are in all caps. Some have only numbers in them. So to give you an idea it would look like 01E60AB6 and then the next grouping of 8 characters would start. Any ideas on how to decrypt it?

submitted by /u/josh109