(Very) Basic Intro to PGP (GPG)

computer with encrypted data on screen

PGP, or its open-source alternative, GPG, is a program used to encrypt data such that only an authorized party can decrypt it. In this introduction, we will cover its use-cases and a high-level overview of the algorithms involved. Both programs (and others) adhere to the OpenPGP protocol. Because it is an implementation agnostic protocol, people … Read more

(Very) Basic Intro to the Scrypt Hash

litecoin

Scrypt is a slow-by-design key derivation function designed to create strong cryptographic keys. Simply put, the purpose of the Scrypt hash is to create a fingerprint of its input data but to do it very slowly. A common use-case is to create a strong private key from a password, where the new private key is … Read more

Achieving Data Integrity Using Cryptography

photo 1542185400 f1c993ecbea2

Data integrity refers to the accuracy, legitimacy, and consistency of information in a system. When a message is sent, particularly using an untrusted medium, data integrity provides us confidence that the message wasn’t tampered with. For example, the SSL signature of Qvault provides confidence that the webpage and data coming from our servers are really … Read more

(Very) Basic Intro To White-Box Cryptography

depositphotos 233639070 stock video abstract 3d monochrom cube rotating

White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, … Read more

JWT Authentication in Golang

logo 400

Go is becoming very popular for backend web development, and JWT’s are one of the most popular ways to handle authentication on API requests. In this article, we’ll go over the basics of JWT’s and how to implement a secure authentication strategy in Go! In fact, the Qvault app uses almost this exact same strategy … Read more

How Do Brute-Force Attackers Know They Found The Key?

armstrong 1

Brute force attackers guess passwords, passphrases, and private keys in an attempt to eventually get the right answer and crack the security of a system. They systematically guess every combination. For example, if they were guessing telephone numbers in the US: The question is, how do they know when they have the right key? It … Read more

Will Banning Cryptography Keep the Country Safe?

key in palm of hand

Politicians in the United States have been claiming recently that end-to-end encryption is certainly too dangerous to permit. This movement is serious. Congress even introduced a bill that would remove the protections that we currently have that allow us to legally encrypt information. Lindsey Graham is one such proponent of this restrictive legislation: Senator Lindsey … Read more

Is Open-Source Cryptography Really Secure?

photo 1497285597995 6ed7de6bfebd

The purpose of cryptography is to keep information private, and the purpose of open-source is to make code public… So we shouldn’t open source our cryptography algorithms right? I’ve been asked this several times by multiple people so I figured it is a subject worth addressing. Many developers seem to be under the impression that … Read more