Questions tagged [ciphers]

In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. To encipher or encode is to convert information into cipher or code.

141 questions
28
votes
4 answers

Do you rather trust a widely adopted algorithm or an underdog if they're cryptanalytically on a level playing field?

If it comes to the security a hashing or encryption algorithm provides, we never know the full story. There's that part that we (respectively the public research) understand and can reason about, but we also know that there might be weaknesses we do…
23
votes
6 answers

Why does IV not need to be secret in AES CBC encryption?

According to Wikipedia, the initialization vector (IV) does not have to be secret, when using the CBC mode of operation. Here is the schema of CBC encryption (also from Wikipedia): What if I encrypt a plaintext file, where the first block has a…
Martin Vegter
18
votes
1 answer

How do I know which cipher suites can be disabled?

I have just performed a test on my personal website via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers. I've been looking around a bit, but…
Martijn
17
votes
3 answers

Is there a cipher suite "translator"?

I have a list of cipher suites in this format: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 Is there a fast, easy way of translating it to more human readable/management readable format? :)
mancuss
12
votes
2 answers

What is the most robust available algo for GPG symmetric encryption?

What is the most robust available algo for GPG symmetric encryption (given as argument of --cipher-algo)? Possible ciphers: IDEA 3DES CAST5 BLOWFISH AES AES192 AES256 TWOFISH CAMELLIA128 CAMELLIA192 CAMELLIA256
user123456
11
votes
2 answers

TLS 1.2 and enable only AEAD ciphers suite list

A company has made a vulnerability scan and given us a report that recommends using TLS 1.2 and enabling only AEAD cipher suites, but they aren't giving more information about what I need to achieve this. I haven't found the list of these ciphers…
kimo pryvt
8
votes
2 answers

Why is the BCrypt text "OrpheanBeholderScryDoubt"?

I'm looking for a reference about the weird initial BCrypt text "OrpheanBeholderScryDoubt". Why was this string used? Would using 192 zeros or ones not have worked well in practice for some reason? Was that just four random dictionary words…
wim
8
votes
3 answers

What are the 'P' values in some cipher string?

Most of the cipher strings I see are in the format: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 However, I've come across workstations with…
user58446
8
votes
3 answers

Chrome browser reports obsolete cipher (AES_256_CBC with HMAC-SHA1)

Jboss 6 server is configured to support these…
user133283
7
votes
1 answer

Google Chrome weird random Cipher Suite

This website gives you information on the SSL cipher suites your browser supports for securing HTTPS connections. If you browse it with Google Chrome, you'll probably see some weird Cipher Suites in your browser supported Cipher Suites list.…
Ebrahim Ghasemi
7
votes
2 answers

Is Telegram E2E Still Insecure?

This was already asked here, but I have questions about the answer. https://security.stackexchange.com/a/49802/118071 I'm not sure if that answer applies to the full E2E mode. Another answer states: Diffie-Hellman End-to-end encryption is known to…
Jesse Adam
7
votes
1 answer

Is the order of cipher suites related to the client's preferences?

I am wondering if the order in which the cipher suites appear (from top to bottom) in the ClientHello message, and the client preference are relevant. So for example in the picture I have attached, is TLS_RSA_WITH_RC4_128_MD5 the most preferred…
Irene Ant
7
votes
1 answer

Openssl ciphers list sorting and removing

I was playing with a ciphers app to create example list of suites. Looking at the website (https://openssl.org/docs/manmaster/apps/ciphers.html) if I run one of the examples there: openssl ciphers -v '3DES:+RSA' I'm supposed to get a list of 3DES…
6
votes
3 answers

Qualys SSL Scan weak cipher suites which are secure according to ciphersuite.info

I am testing my application SSL configuration in Qualys SSL Labs and as a result, I have these cipher suites labeled as weak: But according to https://ciphersuite.info/ all of these cipher suites are secure or even recommended. How should I…
user187205
6
votes
2 answers

Role of the chosen ciphersuite in an SSL/TLS connection

When it comes to a secure TLS configuration (e.g. for HTTPS), the topic is prominently about the supported cipher suites. I want to fully understand which part of the cipher suite has which role in an SSL/TLS connection. So from what I understand it…
SaAtomic