Questions tagged [cryptography]
Cryptography is the practice and study of logical means used to achieve information confidentiality, integrity and authenticity. It covers, among other things, encryption (making some data unreadable except for those who know a given secret element, called a key), data hashing (in particular for password storage) and digital signatures (provable integrity and authenticity with non-repudiation).
2,392 questions
-1votes
0answers
22views
Securing Uploaded Human Consciousness: What Novel Defenses Could Survive Quantum Threats?
Let’s imagine a not-so-distant future: human consciousness can be digitized and uploaded into advanced computational systems. In this scenario, our very identities — memories, personalities, and ...
0votes
1answer
51views
Is this an effective scheme to store EEE key on browser client?
Application For the application, I have a user password encrypted private-key, which is basically the root-key stored in servers. User is prompted for password when he logs in, it decrypts the private ...
- 51
1vote
1answer
43views
Using OPAQUE without envelope checksums
I've been considering switching from SRP to OPAQUE, because I like the idea that verifiers (which can be subject to dictionary attacks) are never communicated over the protocol, even during ...
- 273
5votes
0answers
186views
Why ProtonDrive uses so many layers of encryption that looks redundant
I read their security model which explains how they laid out all these layers. https://proton.me/blog/protondrive-security Files and folders are structured in a tree and called nodes. Each node (file/...
- 51
2votes
1answer
468views
Is there any reason to choose A256GCMKW over A256KW in JSON Web Encryption?
When implementing JSON Web Encryption (JWE), I understand the reasons why you might choose A256KW over DIR. But, now I notice there is also A256GCMKW as an optional part of the JWE standard (see ...
2votes
0answers
91views
GPG: importing a friend's signature on my public key demotes "ultimate" to "full"
This may be a newbie question. A friend ("Bob") and I have tried to sign each others' keys according to these instructions. I want to get Bob's signature on my public key into my own ...
1vote
0answers
53views
What are some reliable and well-maintained Post-Quantum Cryptography (PQC) libraries with Go support? [closed]
I am looking for reputable libraries or solution providers that offer reliable, well-maintained, and well-documented implementations of post-quantum cryptographic (PQC) algorithms. Specifically, I am ...
- 19
3votes
1answer
390views
What does the parallelism parameter in memory-hard password hashing algorithms adjust?
When I change the parallelism parameter on Scrypt or on Argon2, which processing unit's threads do I influence? The CPU's threads? The GPU's threads? How does this all work?
8votes
2answers
4kviews
Is password-based encryption better than traditional password hashing?
I have a theoretical question regarding the comparison of password-based encryption and password hashing. Not sure if Stackoverflow or crypto is the best place, but this is more on the side of ...
1vote
0answers
272views
What was the "random" number Sony used for the PS3?
I've read that fail0verflow was able to hack the PS3 because Sony used a static number for the random number generator. I'm just really curious, what number was used? 42? 4? 7669773? Please note that ...
- 111
8votes
1answer
1kviews
Is it Secure to Use a Single AES-GCM Encryption Key for an Entire Database if Unique IVs and Tags Are Generated?
I'm currently developing a backend service where I need to encrypt sensitive data stored in a database. I'm planning to use the AES-GCM (Galois/Counter Mode) encryption algorithm for this purpose. My ...
1vote
1answer
1kviews
Can SHA-256 be used as a crude replacement for cryptographic signing?
I’m planning out how I’m going to set up some diy smart outlets in my house, and I’m trying to decide the best way to make them at least mostly secure. My current plan is to use a public http server ...
- 121
4votes
1answer
258views
OAuth 2.0: Is it possible to replace PKCE with DPoP-like proof-of-possession?
So I'm currently learning about Demonstrating Proof-of-Possession (DPoP) in Oauth after previously learnt about Proof Key for Code Exchange (PKCE). one interesting idea i've been thinking is, is it ...
4votes
1answer
1kviews
Does it make sense to disallow SHA-224 and SHA-256 to defend against quantum computers?
From Australia's Guidelines for Cryptography: For most purposes, a hashing algorithm with an output size of 224 bits provides 112 bits of effective security strength, with larger output sizes ...
- 35.4k
1vote
1answer
150views
How can I "update" a pgp public key on a keyserver with a new signature for one of the user id
I have created a pgp keypair and uploaded the public key to keys.openpgp.org. It included my email address. A government service has now verified my citizen ID and signed my pgp public key user id (...
- 113
