HMAC and MACs – The Inner Workings of JWTs

cybersecurity speakers

HMACs and MACs are authentication codes and are often the backbone of JWT authentication systems. A Message Authentication Code (MAC) is a string of bits that depends on a secret key and is sent with a message to prove the message wasn’t tampered with. HMACs are a more strict version of MACs that offer additional …

Read more

(Very) Basic Intro to PGP (GPG)

computer with encrypted data on screen

PGP, or its open-source alternative, GPG, is a program used to encrypt data such that only an authorized party can decrypt it. In this introduction, we will cover its use-cases and a high-level overview of the algorithms involved. Both programs (and others) adhere to the OpenPGP protocol. Because it is an implementation agnostic protocol, people …

Read more

(Very) Basic Intro to the Scrypt Hash

litecoin

Scrypt is a slow-by-design key derivation function designed to create strong cryptographic keys. Simply put, the purpose of the Scrypt hash is to create a fingerprint of its input data but to do it very slowly. A common use-case is to create a strong private key from a password, where the new private key is …

Read more

Achieving Data Integrity Using Cryptography

photo 1542185400 f1c993ecbea2

Data integrity refers to the accuracy, legitimacy, and consistency of information in a system. When a message is sent, particularly using an untrusted medium, data integrity provides us confidence that the message wasn’t tampered with. For example, the SSL signature of Qvault provides confidence that the webpage and data coming from our servers are really …

Read more

(Very) Basic Intro To White-Box Cryptography

depositphotos 233639070 stock video abstract 3d monochrom cube rotating

White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, …

Read more

JWT Authentication in Golang

logo 400

Go is becoming very popular for backend web development, and JWT’s are one of the most popular ways to handle authentication on API requests. In this article, we’ll go over the basics of JWT’s and how to implement a secure authentication strategy in Go! What is a JWT? JSON Web Tokens are an open, industry-standard RFC …

Read more

How Do Brute-Force Attackers Know They Found The Key?

armstrong 1

Brute force attackers guess passwords, passphrases, and private keys in an attempt to eventually get the right answer and crack the security of a system. They systematically guess every combination. For example, if they were guessing telephone numbers in the US: The question is, how do they know when they have the right key? It …

Read more

AES-256 Cipher – Python Cryptography Examples

photo 1507680225127 6450260913c0

Want to encrypt text with a password or private key in Python? AES-256 is a solid symmetric cipher that is commonly used to encrypt data for oneself. In other words, the same person who encrypts the data also decrypts it, the way personal password managers work. Dependencies For this tutorial, we’ll be using Python 3, …

Read more

Will Banning Cryptography Keep the Country Safe?

key in palm of hand

Politicians in the United States have been claiming recently that end-to-end encryption is certainly too dangerous to permit. This movement is serious. Congress even introduced a bill that would remove the protections that we currently have that allow us to legally encrypt information. Lindsey Graham is one such proponent of this restrictive legislation: Senator Lindsey …

Read more