Security in Dependencies

Choosing the right dependencies is a difficult task. Assuming the developer of an application is the best programmer in the world, the “best” thing to do would be to write the entire codebase alone. This would eliminate the bugs, vulnerabilities, and malicious intrusions of inferior developers. We at Qvault recognize that we aren’t the best developers in the world, but …

Guard Clauses: How to clean up Conditionals

One of the first techniques developers learn is the if/else statement. For obvious reasons if/else statements are a primary way to create logic trees, where calculations are handled differently depending on the input variables. However, complex and nested if/else statements become a cognitive burden to reason about, and can be hard for the next developer to understand quickly. Guard Clauses …

Automatic Cross-Platform Deployments with Electron on a CI Server (Travis)

This is a tutorial on how to set up an Electron app on Travis CI, so that new versions are deployed to GitHub Releases with a simple pull request. Boilerplate: I created a boilerplate repo that has all the necessary configuration to deploy a minimalistic app to GitHub Releases. If you get lost during the tutorial you can look to that …

Creating and Remembering a Strong Passphrase

We all have hundreds of online accounts. Ideally, as many of those accounts as possible have unique passwords. Unique passwords, however, present a difficult problem: no one can remember hundreds of strong passwords. To fix this problem, we created password managers. Now, all of our passwords are neatly stored in one place, encrypted by one master password or passphrase. The …

They Who Control Encryption

By Lane Wagner

Anyone who has seen the movie The Imitation Game, or studied computer science in school, probably has at least a brief understanding of Enigma, Alan Turing, and some of the other fun cryptography that went on during WWII. During this time and until the 1970s, governments from around the world had near total control of all cryptographic …

BIP 32 Watch-Only Wallets

By Lane Wagner

Bitcoin Improvement Proposal 32 is, in my opinion, one of the most important BIPs we have. (Thanks Pieter Wuille!) BIP 32 gave us Hierarchical Deterministic Wallets, that is, the ability to create a tree of keys from a single seed. In the early days of Bitcoin, each time a user wanted to receive new coins, their wallet …

Trustworthy vs Trustless Apps

By Lane Wagner

In the wake of the hearings about Facebook’s new Libra blockchain, it is more important than ever that we all understand the difference between trustworthy and trustless apps. A trustworthy app is an app whose developers are known and trusted by the community. The developers’ reputations and businesses are on the line, so they are motivated to …

Snyk Security Review

By Lane Wagner

We recently integrated Snyk into Qvault as a way to get more visibility into known vulnerabilities in Qvault’s code base. Snyk has already patched a critical vulnerability in lodash for us, which allowed us to continue releasing new versions before the official fix for lodash was published a few days ago. We can’t speak to whether Snyk …

Is AES-256 Quantum Resistant?

By Lane Wagner

With quantum computers getting more powerful every year, many worry about the safety of modern encryption standards. As quantum computers improve in performance and the number of qubits used for calculations increases, current cryptosystems are under more threat of attack. What will break? Many asymmetric encryption algorithms have been mathematically proven to be broken by quantum …