Is there necessarily an infinite number of inputs to any given output in a crypto hash function? [migrated]

This might be a very easy question. Let’s consider cryptographic hash functions with the usual properties, weak and strong collision resistance and preimage resistance.

For any given output, obviously there are multiple inputs. But is that necessarily an infinite number of preimages, for any given hash value?

How would I go about giving a formal proof that there exists no crypto hash function h() such that there is a given value v = h(m*) for which the possible set of inputs m* is finite? Would this necessarily break collision resistance?
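A worked counting argument, added here as an illustration and not part of the original question (it reuses the question's $h$, $v$ and $m^*$; the auxiliary function $h'$ and the value $w$ are introduced only for the argument):

Let $h : \{0,1\}^* \to \{0,1\}^n$. The domain is infinite and the range has $2^n$ elements, so the fibres $h^{-1}(v)$, $v \in \{0,1\}^n$, partition an infinite set into finitely many pieces and at least one fibre is infinite. Concretely, among the $N_L = 2^{L+1} - 1$ inputs of length at most $L$, some output has at least $\lceil N_L / 2^n \rceil$ preimages, and this bound grows without limit as $L \to \infty$.

This only forces some output to have infinitely many preimages, not every output. Given any $h$, fix $m^*$ with $h(m^*) = v$ and some $w \neq v$, and define

$$h'(m) = \begin{cases} w & \text{if } h(m) = v \text{ and } m \neq m^*, \\ h(m) & \text{otherwise.} \end{cases}$$

Then $h'^{-1}(v) = \{m^*\}$ is finite. Suppose $h'(m_1) = h'(m_2)$ with $m_1 \neq m_2$. If the common value is $v$, both inputs are $m^*$, a contradiction. If it is $w$, then either $h(m_1) = h(m_2)$ (a collision in $h$) or one of $h(m_1), h(m_2)$ equals $v$ and the other equals $w$, which exhibits a preimage of $v$ under $h$. Any other common value is a collision in $h$. So, informally, a finite preimage set for one output does not by itself break collision resistance, provided $h$ is also preimage resistant; a formal proof would make this reduction precise in terms of adversary advantage.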

S/Kademlia dynamic crypto puzzle

In S/Kademlia two crypto puzzles are used, one static and one dynamic. The static one is used to generate a key pair that makes an eclipse attack difficult to achieve, the dynamic one to make Sybil attacks harder.

crypto puzzles

In the dynamic puzzle, I am very confused about the x which is found, since I can’t find any evidence of it ever being used again in the system. Is it sent along in a signature, or what is it used for?

I do not think the paper mentions any use of it; at least I have not been able to find it, which is why I ask here about the use of x.

Why does the NodeJS Crypto docs use CBC instead of GCM for RSA key-pair?

I have read that GCM is almost always more secure than CBC when implemented correctly.

However, in the documentation of NodeJS, CBC is being used as an example instead. The key-pair will be stored in the node environment.

Since the private key is being stored locally, and CBC is acceptable encryption for local files according to this answer, is it a secure enough implementation, or should GCM be used, as in this sample code?

How do crypto coprocessors securely decrypt a disk without allowing bus sniffing?

I’m trying to understand how using a crypto co-processor chip can securely decrypt a disk without someone getting the decryption key by sniffing the bus it communicates on, or by loading the disk into another computer and viewing the contents that way. Specifically, I’m trying to figure out how this works when someone has physical access to the device and the device needs to be decrypted without a password.

An example would be an ATM that has an embedded device that will boot an OS only if it is running on trusted hardware that has a crypto chip. In this case it is passwordless (there is no login to be able to use the ATM terminal). A malicious actor can get physical access to the board, but shouldn’t be allowed to sniff the bus between the crypto coprocessor and the main processor, nor be allowed to remove the SD card and view the contents on a separate computer.

Consider the following situation:

  • Embedded system running Linux with a crypto chip that communicates over i2c
  • Disk is removable media such as an SD card and has full disk encryption
  • The device is passwordless, but only runs on the trusted hardware
  • The removable media cannot be loaded into another device and analyzed
  • The device/keys can be provisioned in a secure environment


  • How is it possible that the decryption key can be transmitted across the i2c bus without being intercepted?
    • I assume it uses public key encryption, but how is the private key on the disk side kept secret?
  • Can this setup work if the removable media is not paired with a specific crypto chip?
    • Example being the device gets a new SD card (but can still be decrypted with the crypto chip)

using public key crypto instead of password for authentication

First I’d like to apologize if this topic has already been discussed. I searched through the related questions, but so far none of them gives me an answer.

So, who am I and what do I want to achieve:

I’m the head of IT and development in a small group of enthusiasts spending their free time on a bit of hobby development. We don’t have an office yet, but we are considering renting some small office rooms and setting up a small set of systems so we can work together while also being physically together in one room, instead of only communicating over the net (which we do in many different ways, from classic mailing-list style over some sort of bulletin board to voice conferences). It’s just that when sitting near each other it’s easier to interact with each other.

As we are all technophiles, I thought about coming up with some “geek way” of user management based on public-key crypto and some sort of hardware token like smart cards. My idea goes like this: instead of the normal way with usernames and passwords entered into a logon shell, one just inserts the smart card into a reader (or maybe a USB drive containing a certificate) and the running system logs on and unlocks itself without the user having to supply any credentials other than the token.

To make this work on each machine, everything is centralized on the server, so one day I can sit at the window enjoying the view, and on another day group together with some others to actively brainstorm while sitting back to back.

I know: never roll your own crypto, but a professional / enterprise solution would be overkill, and as this is only a hobbyist project we would like to save the cost.

So, here are my questions:

  • Does someone know how to implement such auto-logon-when-inserting-a-smart-card? I’m sure this should be easy on Unix, but is it also possible on Windows?
  • In addition to auto-logon it would be cool to auto-logoff (or at least lock the screen) when the smart card is removed, so you could safely go away for a break by just taking the card with you.
  • As the idea is mostly based on some sort of hardware token: is public-key crypto the right way for this? Although I’m a fan of smart cards, other solutions are possible: a plain USB thumb drive which gets scanned on insertion and which could just have a certificate with its private key stored on it (maybe not the best idea, as this defeats the purpose of a hardware token when the private key can be read), or other stuff performing a basic auth based on stored secret credentials.

The main reason for this idea: when setting up something like a Windows domain, you are forced to change the passwords at some point (at least I don’t know how to disable it entirely, so that once set there’s no need to change the password ever again). Also: it’s not like we are protecting some secret personal data. Everything gets stored on the server (the clients are basically thin clients working remotely on a server instance); it’s just to authenticate who’s using which machine and to make sure that when a commit is done the system automatically knows who it was.

Currently it’s a bit of “yes, we have some repos, anyone has every permission on them, and to figure out which files are from whom and who made changes to them we rely on comments and a basic versioning system”. Not very productive, but it gets the job done.

Thanks in advance to all comments.


Crypto Currency Trading Platform

ProperSix will be the best trading platform. Are you frustrated? Are you worried about the damage to your online business? Afraid to invest? Then don't worry about that. Now I will introduce you to a company where you can invest and get amazing benefits.

Best Trading Platform

The name of the company is ProperSix. It is a more secure and more trusted site to invest in. It uses the…


I will promote bitcoin or crypto marketing and grow blockchain traffic for $2

I will promote your bitcoin website link to targeted people and sites. All genuine and real traffic through sign-ups can be brought. I can promote your Bitcoin links on sites where there are more than 10 million real active members present. Get the following services and features with this gig: ☑ Get a worldwide Bitcoin-related audience. ☑ Get massive promotion. ☑ 10 million real active audience. ☑ Get social do-follow backlinks. ☑ 100% manual work, no software used. ☑ 100% client satisfaction. ☑ Money-back guarantee. So hurry up, order now and get this exclusive service. Feel free to contact me if you have any questions.

by: Hotem
Category: Traffic