HMAC and MACs – The Inner Workings of JWTs

HMACs and MACs are authentication codes and are often the backbone of JWT authentication systems. Let’s take a look at how they work. MAC – Message Authentication Code: MACs are exactly what they sound like: small codes that allow receivers of messages to know who the sender was (authentication). A MAC code is calculated by …

(Very) Basic Intro to PGP (GPG)

PGP, or its open-source alternative, GPG, is a program used to encrypt data such that only an authorized party can decrypt it. In this introduction, we will cover its use-cases and a high-level overview of the algorithms involved. Both programs (and others) adhere to the OpenPGP protocol. Because it is an implementation-agnostic protocol, people …

(Very) Basic Intro to the Scrypt Hash

Scrypt is a slow-by-design hash function or, more accurately, a KDF. Its purpose is to take some input data and create a fingerprint of that data, but to do it very slowly. A common use-case is to take a password and create an n-bit private key, which is much longer and more secure. Here …

(Very) Basic Intro To Elliptic Curve Cryptography

Elliptic curve cryptography is an efficient modern approach to public-key cryptosystems. In this introduction, our goal will be to focus on the high-level principles of what makes ECC work. We will omit implementation details and mathematical proofs; we can save those for another article. What It’s For? A common use of ECC is to encrypt data …

How SHA-2 Works Step-By-Step (SHA-256)

SHA-2 (Secure Hash Algorithm 2), of which SHA-256 is a part, is one of the most popular hashing algorithms out there. In this article, we are going to break down each step of the algorithm as simply as we can and work through a real-life example by hand. SHA-2 is known for its security (it …

Achieving Data Integrity Using Cryptography

Data integrity refers to the accuracy, legitimacy, and consistency of information in a system. When a message is sent, particularly using an untrusted medium, data integrity provides us confidence that the message wasn’t tampered with. For example, the SSL signature of Qvault provides confidence that the webpage and data coming from our servers are really …

(Very) Basic Intro To White-Box Cryptography

White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, …

Base64 vs Base58 Encoding

By Lane Wagner – @wagslane on Twitter. Base64 is one of the most popular encoding formats for representing data. Have some binary data? Base64 encodes it for convenient readability and parsing. Base58 is just another encoding format (with 58 characters instead of 64), and has gained popularity largely due to Bitcoin and other cryptocurrencies. When it comes …

How To Build JWT’s in Go (Golang)

By Lane Wagner – @wagslane on Twitter. Go is becoming very popular for backend web development, and JWTs are one of the most popular ways to handle authentication on API requests. In this article, we are going to go over the basics of JWTs and how to implement a secure authentication strategy in Go! What is a …