15
votes
Accepted
Is it possible to store N bits of unique combinations, in N-1 bits? If not; why does MD5 get reprimanded for collissions?
Of course, the pigeonhole principle states that colisions are inevitable for hashing algorithms.
The point of hashing algorithms is not to prevent colisions. But to make intentional collisions ...
- 38.2k
13
votes
What is an example for a one-way hash function?
It seems you'tre talking about cryptographic hash functions, where it's essential that you cannot easily construct any input that will have a given output - that is what "one-way function" means. Hash ...
- 51.6k
7
votes
What is an example for a one-way hash function?
All hash functions are one-way. Hash functions map a larg(er) (potentially infinite) input space into a small(er) (usually finite) output space.
If you are familiar with the Pigeonhole Principle, ...
- 105k
7
votes
Accepted
Programming a library in multiple languages
The best is to write the actual code in C or C++, and then to just create interfaces for any other languages so that for example a python developer can use the library in their python code without ...
- 49.4k
6
votes
Is it possible to store N bits of unique combinations, in N-1 bits? If not; why does MD5 get reprimanded for collissions?
A hash function maps a larger (potentially infinite) input space into a smaller (usually finite) output space.
As a result, every hash function must have collisions. This is a consequence of the ...
- 105k
5
votes
Accepted
Do you need to implement TLS versions < 1.3 if you were to implement a TLS supporting library today?
Backward Compatibility
I think your question is a more general question around being compatible.
You can see this in several ways, the first of which is that TLS 1.3 is the most secure standard (@...
- 16.6k
5
votes
Accepted
How to randomly allocate a set of IDs digitally, one ID per person, such that everyone knows that the particular allocations are kept private?
I think the easiest way to achieve this is by having a trusted third-party, let's call it a trust center, who does the random assignments. Lets say you pick all the UUIDs first, encrypt them with a ...
- 221k
5
votes
Programming a library in multiple languages
Is it a good idea to implement the logic in one (Turing-complete) language, then call functions from all other languages? Or do I implement from scratch for each language?
Generally yes. This is the ...
- 1,583
5
votes
How to best obfuscate a built-in key in an application?
Obviously this isn't ideal, but you know that already. If you're not sure about their security you'll at least want them to have their own set of credentials so that you can invalidate them if they ...
- 39.4k
5
votes
How to best obfuscate a built-in key in an application?
You need to be aware of the caveats in the comments already given, and experience has shown that even strong obfuscation of built-in keys is not safe if an application is widely distributed and there ...
- 18.6k
4
votes
Is it possible to store N bits of unique combinations, in N-1 bits? If not; why does MD5 get reprimanded for collissions?
Cryptographic hashing will for example produce a 256 bit hashcode. If the hashed data is more than 256 bits, then collisions are unavoidable. Now try to find a collision, and you run into a problem. ...
- 49.4k
4
votes
What is an example for a one-way hash function?
Here's a simple example:
A hash of the string "Hello world!" is "Hel". If you're given "Hel", you cannot recreate "Hello world!", and yet it is likely not going to clash with many other strings.
...
- 22.9k
3
votes
Accepted
Does the SHA256 hashing algorithm change based on the content encoding?
SHA256 and practically all encryption methods operate on bytes. That is often impractical, so you might have a utility for example that encrypts a utf-8 encoded string by converting it to bytes and ...
- 49.4k
3
votes
Domain model and feature Crypter
The encryption functionality does not belong to the domain model, if it is only a technical measure to protect sensitive data. Why ? Because it's an implementation detail of the storage layer; you ...
- 82.3k
3
votes
Proof of digital document integrity
Yes, there is a solution. This can be done via a blockchain. This is how parties that do not trust each other can agree.
This would be a very basic workflow.
First, both users would hash the ...
- 161
3
votes
How to eliminate transparent memory copy in runtime?
When and why would such memory copy occur (in C and C++)?
By no means an exhaustive list, but examples would include:
Calls for explicit copies like strncpy(), memcpy()
Passing arguments by value ...
- 239
2
votes
Accepted
Encryption key on passwordless authentication
The core issue is what security properties you want to guarantee. This kind of server-side per-field encryption does have some benefits, but only under fairly narrow circumstances: it does not protect ...
- 136k
2
votes
Accepted
Creating a multiplatform (IOS, Javascript, and JAVA) linked user account database
Some things to consider:
Your database architecture has absolutely zero impact on your clients and vice versa. An API sits between these two layers and should handle all translation between them.
The ...
- 844
2
votes
C# Destructors in RSA Crypto
The code in the finalizer is there only as a safety measure, for the case the user of your class does not call dispose on an instance. Do not call the finalizer destructor, the destructor is only ...
- 18.6k
1
vote
Accepted
How to best handle keys for signing API callbacks
Background/Setup
It's probably worth looking to at what others do, for example consider AWS Access Keys, I am not sure if AWS AK's are a shared secret or a public/private pair, however AWS take ...
- 4,647
1
vote
How to verify that a legitimate (but unknown) remote asset from an unknown source has not been compromised and that its integrity remains intact?
I'm trying to understand how it will be possible (I refuse to believe it isn't possible) to verify the integrity of a new unknown remote asset from a new unknown source, when you cannot say for ...
- 120k
1
vote
Is there a reliable way to get get the fingerprint of a file hosted online, without fully downloading it?
The only way to definitively state that two files are identical is to compare every single byte of their contents.
Every operation where you represent the file with fewer bits that its actual contents,...
1
vote
C# Destructors in RSA Crypto
A) Is a finalizer here really needed?
RSA is a managed abstract class, so it should have its own finalizer if it owns any unmanaged resources.
B) I'm thinking that since the RSA instance passed in ...
- 6,397
1
vote
Protecting cryptocurrency private keys in a corporate environment
As Phillip mentions in his comment, the most solid approach to protecting secrets is a Hardware Security Module. I'm not qualified to get into the details of how that might work with various crypto-...
- 31.1k
1
vote
Accepted
Is there a way to encode binary into natural language?
So Meriam Webster has some 470,000 English words. More than enough for this task.
Take some subset of those words arrange them in a list from 0 to N, try and make N = 2^K -1 to make this easy.
For ...
- 16.6k
1
vote
How to store private ssh keys for my application?
Private encryption keys should be kept secure. This means that only the people/software that has a legitimate need to access those keys is able to do so and others are not able to access the keys.
...
1
vote
Simplistic non-secure example of public key encryption
Here is a simple explanation:
SSL uses asymmetric-key encryption. The better metaphor for that is a lock that anyone can lock, but only one person can unlock.
and a more complex example using DNA:
...
Only top scored, non community-wiki answers of a minimum length are eligible