Linked Questions

10 votes
5 answers
7k views

Problem Overview: I want to securely store log files so the contents are secret, and they can't be modified without detection. The files will be encrypted using authenticated encryption (AES in GCM ...
MurrayA
  • 357
1 vote
3 answers
3k views

After trying to invent my own AES mode, I decided to just implement something that's known to work, namely CTR mode with HMAC-SHA-256. From what I understand, I can use the IV as a counter, and the ...
Thorham
  • 223
8 votes
1 answer
2k views

Yesterday I came across some conversation discussing partitioning oracle attacks, against authenticated stream ciphers like ChaCha20 and Salsa20 with poly1305 for MAC. As I understand it (though the ...
Woodstock
  • 1,464
2 votes
4 answers
691 views

I have this scenario where I use Encrypt-then-MAC (AES256-CBC and HMAC-SHA256) with keys generated by a CSPRNG (specifically, SecureRandom in Java). I'd like to know which is better: Use the CSPRNG to ...
Marcello
  • 357
1 vote
1 answer
1k views

Since the maximum authentication tag (MAC) size of AES-256-GCM is 16 bytes, and given that in one implementation breaking the MAC would break the security (e.g. when a boolean 'decrypted' is used ...
Neil Yoga Crypto
2 votes
1 answer
1k views

Is HMAC-SHA512 quantum safe? I am planning to use it for an encrypt-then-MAC scheme with AES256-CFB mode for a post-quantum-safe PGP-like protocol.
ANISH M 18CS006
0 votes
1 answer
574 views

Let's say Alice uses AES256-CBC to encrypt some data. The key for encryption is derived using PBKDF2, where the password is some passphrase Alice and Bob agreed on (using DH) and the salt is randomly generated ...
proxict
  • 135
1 vote
1 answer
981 views

I'm mainly trying to verify large file chunks which are encrypted each alone with a different key/salt/nonce for each chunk then appended to the whole file in the end to form 1 file. One thing I ...
Elie-M
  • 23
0 votes
1 answer
765 views

I read from Is GCM mode of authenticated encryption quantum secure? that AES-GCM will be insecure if the attacker is allowed to perform entangled queries on your GCM implementation, and return ...
sebastian sultz
0 votes
1 answer
151 views

As an example, let's take a simple situation where AES-256-CBC with IV + MAC is used to encrypt a given plainText and offer authentication. ...
Neil Yoga Crypto