I would like to know if the following ideas are feasible:
Hash function is one-way function.
Generate public key from private key is irreversible(asymmetric cryptography).
User password entry -> SHA(or adding salt before hashing) -> hash value(as ECC private key) -> generate public key from private key -> save public key(drop private key)
User password entry -> SHA(or adding salt before hashing) -> hash value(as ECC private key) -> generate public key from private key -> verify the public key with the saved one.
Based on that:
a.User or others can encrypt selected information(by using public key) that only user can decrypt it.
b.System administrator can generate a public/private key pair then both user and administrator can encrypt/decrypt selected information(by using Diffie–Hellman key exchange method).
I think that brute-force method(exhaustive attack method) can crack any password, and it is only a matter of time.It should be an another topic.
I am trying to prevent user information leak or rainbow table attack even if system being hacked.
I have searched and read the following information:
Handling user login using asymmetric cryptography
Asymmetric Cryptography as Hashing Function
I have heard many times that Group Theory is highly important in Computer Science, but does it have any use other than cryptography? I tend to believe that it does have many other usages, but cannot find out where and how to apply Group Theory to other areas in CS, such as algorithms, data structres, graphs, complexity and so forth.
Is this Correct, the existence of cryptography requires $ UP \cap Co-UP \not\subseteq BPP$ ? Or does it require $ UP \not\subseteq BPP$ ?
I’m reading some basic info about Web Cryptography API and I’m wondering if is possible to implement some crypto provider (C/C++ library or something) with some extra algorithms or is mandatory to use the ones “embedded” with the web browser. I have finded articles about the security and tutorials about how to use it but nothing about custom implementation. I don’t know if it uses Operating System libraries or only web browser libraries, if should be used “as is”… Some reference or clarification is appreciated.
The Post Quantum Cryptography is a type of cryptography that lies on physics properties instead of mathematics , it has many algorithms and implementations like NTRU , McEliece , SIDH … etc
But there is a difference between Post Quantum Cryptography and Quantum Cryptography , i’d like to know some algorithms of that and also if they have implementations for example on Github or any thing like that
Kerberos is an authentication protocol that is famously built using only symmetric ciphers.
As a direct result of this, there are several attacks possible, such as
- AS-REP Roasting
- AS-REQ Roasting
- Silver Tickets
- Golden Tickets
While some attacks require specific conditions (e.g. AS-REP Roasting requires disabling pre-authentication), other attacks like AS-REQ Roasting cannot be prevented at all.
It seems odd to me to use symmetric cryptography for a task that just screams “Please use asymmetric cryptography for this!”. Is there something I am missing? What are the reasons for choosing symmetric ciphers?
Just wondering what is the story behind the front cover image of Schneier’s Applied Cryptography book https://www.schneier.com/books/applied_cryptography/
Who is the author? Is it some famous picture encrypted or there’s a much simpler explanation?
I want to protect my NFC tag against unauthorized copying.
I understand that EMV is using asymetric cryptography. My focus is on understanding of other standards (NTAG413, MIFARE DESFire) or anything else you could suggest that provide similar level of securitu against tag cloning.
There are some past answers, but the standards evolve (NTAG413 is quite new I think), therefore I wonder if anything has changed on this landscape.
What is the difference between “asymmetric cryptography” and “asymmetric key cryptosystem” terminology?
This is the ultimate noob question.
When reading discussions of cryptography, I often come across phrases like these:
…calculates a hash over the primary key…
…a key derivation function over a static string…
…an HMAC over the i-th derived key…
Is “over” in these examples just a hip way to say “of”?
More concretely, is there a real technical difference between the sentences above and their counterparts below?
…calculates a hash of the primary key…
…a key derivation function of a static string…
…an HMAC of the i-th derived key…