Collaborate Disseminate
For the symetric keys it is recommend that the same key should not be used to encrypt large number(2^32) of cipher blocks to avoid the key-exhaustion risk.
Curious to know whether the asymmetric key also has such a risk? i tried to searc… Continue reading Key Exhaustion Risks in Symmetric and Asymmetric Cryptography [migrated]
Through reading the WebAuthn spec and related MDN docs, I understand that unlike "certificate signing requests", FIDO/Passkey can have various different attestation formats and verification methods/algorithms during public-key cr… Continue reading Will sky fall if I don’t verify `AuthenticatorAttestationResponse`?
I’ve posted this over at Stack Overflow but I think it’s best suited here:
I’m making a web app where users will upload sensitive data (private finances records), so I want to encrypt one column in one table that holds the value.
If I unde… Continue reading How to implement public key encryption for a webapp?
I am trying to understand some concepts such as DH problem and its variants. I have the following question from the book I read. (note that I translated the question from my language to english)
Assume that two parties are using DH to mak… Continue reading which DH protocol is safer in communication with given condition? [migrated]
Disclaimer: I am very new in this area and working to understand internet security by myself.
On the internet, I have found some public keys belonging to some web pages. I see that RSA is used in those pages, and I know that the private an… Continue reading Understanding RSA public keys in web pages [closed]
When we want to send a message from A to B with confidentiality and non repudiation. I want answer and reasons for both the technique
1)
Why First Encrypt then sign is better ?
2)
Why First sign then Encrypt I’d better than 1)
From this question, it is said that when creating a CSR, we attach the public key and fill in other data.
When creating a CSR, you attach your public key to it and fill in other needed data; you then send it to a Certificate Authority (CA… Continue reading Is a Certificate Signing Request a concatenation of public key and metadata?
I came across a PGP public key that seems invalid. The key is a secp256k1 public key that supported by GPG. In fact, GPG allows importing that key even if it has an invalid secp256k1 public key inside.
Running –list-packets on the key sho… Continue reading GPG allows importing an invalid secp256k1 public key
When I run the command btc_address_dump "0x0000000000000000000000000000000000000000000000000000000000000001" the outputed public key is 0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1… Continue reading How to generate public key from private key in python3 with out importing any module [migrated]
I’ve been reading about WebAuthn and try to write some code to exercise.
One thing I noticed is that the spec doesn’t seem to provide any way to verify the correctness of the public-key being create()’d other than through attestation. And … Continue reading WebAuthn does not guarantee public-key integrity other than trough attestation?