Data integrity refers to the accuracy, legitimacy, and consistency of information in a system. When a message is sent, particularly using an untrusted medium, data integrity provides us confidence that the message wasn’t tampered with. What Are Potential Causes of Illegitimate Data? Data integrity provides protection from a wide range of problems which involve data … Read more Achieving Data Integrity Using Cryptography
White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, … Read more (Very) Basic Intro To White-Box Cryptography
By Lane Wagner – @wagslane on Twitter Base64 is one of the most popular encoding formats for representing data. Have some binary data? Base64 encodes it for convenient readability and parsing. Base58 is just another encoding format (with 58 characters instead of 64) and has gained popularity largely due to Bitcoin and other cryptocurrencies. When it comes … Read more Base64 vs Base58 Encoding
By Lane Wagner – @wagslane on Twitter Go is becoming very popular for backend web development, and JWTs are one of the most popular ways to handle authentication on API requests. In this article, we are going to go over the basics of JWTs and how to implement a secure authentication strategy in Go! What is a … Read more How To Build JWT’s in Go (Golang)
By Lane Wagner – @wagslane on Twitter Brute force attackers guess passwords, passphrases, and private keys in an attempt to eventually get the right answer and crack the security of a system, but how do they know when they have the right key? It depends on the system. Let’s answer the question three times, one for three … Read more How Do Brute-Force Attackers Know They Found The Key?
By Lane Wagner – @wagslane on Twitter Need to encrypt some text with a password or private key in Python? You certainly came to the right place. AES-256 is a solid symmetric cipher that is commonly used to encrypt data for oneself. In other words, the same person who is encrypting the data is typically decrypting it … Read more AES-256 Cipher – Python Cryptography Examples
By Lane Wagner – @wagslane on Twitter Politicians in the United States have been claiming recently that end-to-end encryption is certainly too dangerous to permit. This movement is serious. Congress even introduced a bill that would remove the protections that we currently have that allow us to legally encrypt information. Lindsey Graham is one such proponent of … Read more Will Banning Cryptography Keep the Country Safe?
By Lane Wagner – @wagslane on Twitter The purpose of cryptography is to keep information private, and the purpose of open-source is to make code public… So we shouldn’t open source our cryptography algorithms, right? I’ve been asked this several times by multiple people so I figured it is a subject worth addressing. Many developers seem to … Read more Is Open-Source Cryptography Really Secure?
By Lane Wagner – @wagslane on Twitter Building a from-scratch server or using a lightweight framework is empowering. With that power comes responsibility, specifically the responsibility to securely store users’ passwords. Can I Store Passwords In Plain Text? To demonstrate the potential dangers, let us assume we DON’T hash passwords on a fake example website, LoveMatchingToday. Inevitably … Read more Hashing Passwords – Python Cryptography Examples