poncho

top accounts reputation activity subscriptions

Why would anyone use an elliptic curve with a cofactor > 1?

elliptic-curves asked Jun 12, 2012 at 22:28

crypto.stackexchange.com

21 votes

How fast can a SHA-256 implementation go?

implementation sha-256 asked Aug 3, 2017 at 15:13

crypto.stackexchange.com

14 votes

Is there a way to optimize a linear scan while preserving anonymity?

protocol-design asked Oct 28, 2015 at 21:26

crypto.stackexchange.com

11 votes

Are there CPUs that perform this possible L1 cache write optimization?

caching cpu asked Nov 16, 2015 at 18:44

softwareengineering.stackexchange.com

10 votes

Looking for the current status of the Chinese national cryptographic algorithm design competition

post-quantum-cryptography asked Jul 26, 2021 at 22:40

crypto.stackexchange.com

9 votes

Who originally generated the elliptic curve now known as P256/secp256r1

elliptic-curves nsa asked Sep 19, 2023 at 16:07

crypto.stackexchange.com

6 votes

Why doesn't the interaction $\gamma~+~\gamma~ \rightarrow~ \nu ~+~ \bar{\nu}$ happen?

particle-physics conservation-laws standard-model neutrinos asked Jun 3, 2021 at 13:15

physics.stackexchange.com

Top Answers

109

What is the difference between CBC and GCM mode?

crypto.stackexchange.com

100

How does RSA signature verification work?

crypto.stackexchange.com

How does one attack a two-time pad (i.e. one time pad with key reuse)?

crypto.stackexchange.com

Have any cryptographic breaks been executed in the real world since World War II?

crypto.stackexchange.com

HMAC vs ECDSA for JWT

crypto.stackexchange.com

Signatures: RSA compared to ECDSA

crypto.stackexchange.com

Why didn't Microsoft use a well-known encryption algorithm like RSA for telephone activation?

retrocomputing.stackexchange.com

Is using the same IV in AES similar to not using an IV in the first place?

crypto.stackexchange.com

How does recovering the public key from an ECDSA signature work?

crypto.stackexchange.com

HMAC-SHA1 vs HMAC-SHA256

crypto.stackexchange.com

Why do we use encrypt-decrypt-encrypt (EDE) in 3DES, rather than encrypting three times?

crypto.stackexchange.com

In RSA, why is it important to choose e so that it is coprime to φ(n)?

crypto.stackexchange.com

Applicability of IBM's projected 50-qubit quantum computer Q to cryptanalysis?

crypto.stackexchange.com

2way cryptography

crypto.stackexchange.com

How to solve MixColumns

crypto.stackexchange.com

Why must IV/key-pairs not be reused in CTR mode?

crypto.stackexchange.com

Chinese Remainder Theorem and RSA

crypto.stackexchange.com

How does IBM's 53-bit quantum computer compare to classical ones for cryptanalytic tasks?

crypto.stackexchange.com

Are longer passwords really safer against brute force attacks?

crypto.stackexchange.com

Is it safe to use a randomized IV for CTR mode?

crypto.stackexchange.com

How does encryption work in elliptic curve cryptography?

crypto.stackexchange.com

Can a computationally unbounded adversary break any public-key encryption scheme?

crypto.stackexchange.com

NIST Diffie-Hellman prime: how was it picked? Where did it come from?

crypto.stackexchange.com

Does Curve25519 only provide 112 bit security?

crypto.stackexchange.com

What was NIST’s reason to switch naming from MD… (Message Digest) to SHA… (Secure Hashing Algorithm)?

crypto.stackexchange.com

Why use an Initialization Vector (IV)?

crypto.stackexchange.com

Why was the term "discrete" used in discrete logarithm?

crypto.stackexchange.com

Why is elliptic curve cryptography not widely used, compared to RSA?

crypto.stackexchange.com

Is (AES-)GCM parallelizable?

crypto.stackexchange.com

Why is SSL on top of TCP?

crypto.stackexchange.com