Questions tagged [cryptography]
Cryptography is the practice and study of logical means used to achieve information confidentiality, integrity and authenticity. It covers, among other things, encryption (making some data unreadable except for those who know a given secret element, called a key), data hashing (in particular for password storage) and digital signatures (provable integrity and authenticity with non-repudiation).
2,398 questions
0 votes
0 answers
72 views
Not quite end-to-end encryption: encryption models where backend needs to do processing outside of a user session
I'm struggling to come up with a better encryption model for this scenario: User is mobile app user Small (USA) company with small budget wants to store data encrypted at rest per user in cloud ...
0 votes
0 answers
157 views
In Windows 11 why a simple 32-bit console binary run from shell goes without problems while patching just a byte, triggers UAC/new-shell for it?
I came to ask this doubt here because it ended up being more of an operating system's security heuristics/cryptological question than a pure reverse-engineering one. The question is about UAC and its ...
0 votes
1 answer
98 views
What is the best way to authenticate and encrypt a simple, end-user started, ephemeral tcp server?
Context: I have a GUI application with a proprietary scripting language. There is a library that starts a python child process from the GUI which listens on a tcp socket and runs any script command ...
0 votes
1 answer
85 views
Is it worth using Additional Associated Data in local-first encrypted notes app?
Context: I decided to learn (or rather refresh my skills in) Java by creating a local-first desktop app for encrypted notes. Imagine a light version of Joplin (with less functionality) with notes ...
0 votes
1 answer
89 views
Use of asymmetric encryption in Apple CloudKit (iCloud)
Context: CloudKit is a framework that lets app developers store key-value data, structured data, and assets (large data stored separately from the database, such as images or videos) in iCloud. ...
1 vote
0 answers
111 views
Can files be designed to "float" – existing only as fragmented, context-bound encrypted data?
I’m exploring a data security concept where files do not exist as conventional static entities but instead “float” as encrypted fragments, retrievable only through specific contextual parameters. The ...
0 votes
1 answer
104 views
Kerberos kinit password: what is it used for? Cryptographically?
Why is a password presented during 'kinit' to authenticate with Kerberos? Cryptographically? In this post the Kerberos protocol is described and it appears to use symmetric keys. Given that, I ...
0 votes
1 answer
105 views
Is this an effective scheme to store EEE key on browser client?
Application: For the application, I have a user password encrypted private-key, which is basically the root-key stored in servers. User is prompted for password when he logs in, it decrypts the private ...
1 vote
1 answer
100 views
Using OPAQUE without envelope checksums
I've been considering switching from SRP to OPAQUE, because I like the idea that verifiers (which can be subject to dictionary attacks) are never communicated over the protocol, even during ...
5 votes
0 answers
269 views
Why ProtonDrive uses so many layers of encryption that look redundant
I read their security model which explains how they laid out all these layers. https://proton.me/blog/protondrive-security Files and folders are structured in a tree and called nodes. Each node (file/...
2 votes
1 answer
668 views
Is there any reason to choose A256GCMKW over A256KW in JSON Web Encryption?
When implementing JSON Web Encryption (JWE), I understand the reasons why you might choose A256KW over DIR. But, now I notice there is also A256GCMKW as an optional part of the JWE standard (see ...
2 votes
0 answers
149 views
GPG: importing a friend's signature on my public key demotes "ultimate" to "full"
This may be a newbie question. A friend ("Bob") and I have tried to sign each others' keys according to these instructions. I want to get Bob's signature on my public key into my own ...
1 vote
0 answers
124 views
What are some reliable and well-maintained Post-Quantum Cryptography (PQC) libraries with Go support? [closed]
I am looking for reputable libraries or solution providers that offer reliable, well-maintained, and well-documented implementations of post-quantum cryptographic (PQC) algorithms. Specifically, I am ...
3 votes
1 answer
472 views
What does the parallelism parameter in memory-hard password hashing algorithms adjust?
When I change the parallelism parameter on Scrypt or on Argon2, which processing unit's threads do I influence? The CPU's threads? The GPU's threads? How does this all work?
9 votes
2 answers
4k views
Is password-based encryption better than traditional password hashing?
I have a theoretical question regarding the comparison of password-based encryption and password hashing. Not sure if Stackoverflow or crypto is the best place, but this is more on the side of ...