They Who Control Encryption

If you’ve seen The Imitation Game, or studied computer science in school, you have likely heard of Enigma, Alan Turing, or some of the other advances in cryptography that took place during the Second World War. During this time and until the 1970s, governments from around the world had near-total control of all cryptographic systems. …

HMAC and MACs – The Inner Workings of JWTs

HMACs and MACs are authentication codes and are often the backbone of JWT authentication systems. Let’s take a look at how they work. MAC – Message Authentication Code: MACs are exactly what they sound like: small codes that allow receivers of messages to know who the sender was (authentication). A MAC code is calculated by …

(Very) Basic Intro to PGP (GPG)

PGP, or its open-source alternative, GPG, is a program used to encrypt data such that only an authorized party can decrypt it. In this introduction, we will cover its use cases and a high-level overview of the algorithms involved. Both programs (and others) adhere to the OpenPGP protocol. Because it is an implementation-agnostic protocol, people …

(Very) Basic Intro to the Scrypt Hash

Scrypt is a slow-by-design hash function or, more accurately, a key derivation function (KDF). Its purpose is to take some input data and create a fingerprint of that data, but to do it very slowly. A common use case is to take a password and create an n-bit private key, which is much longer and more secure. Here …

(Very) Basic Intro To Elliptic Curve Cryptography

Elliptic curve cryptography is an efficient modern approach to public-key cryptosystems. In this introduction, our goal will be to focus on the high-level principles of what makes ECC work. We will omit implementation details and mathematical proofs; we can save those for another article. What It’s For? A common use of ECC is to encrypt data …

How SHA-2 Works Step-By-Step (SHA-256)

SHA-2 (Secure Hash Algorithm 2), of which SHA-256 is a part, is one of the most popular hashing algorithms out there. In this article, we are going to break down each step of the algorithm as simply as we can and work through a real-life example by hand. SHA-2 is known for its security (it …

(Very) Basic Intro To White-Box Cryptography

White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, …

How To Build JWT’s in Go (Golang)

By Lane Wagner – @wagslane on Twitter. Go is becoming very popular for backend web development, and JWTs are one of the most popular ways to handle authentication on API requests. In this article, we are going to go over the basics of JWTs and how to implement a secure authentication strategy in Go! What is a …

How Do Brute-Force Attackers Know They Found The Key?

By Lane Wagner – @wagslane on Twitter. Brute force attackers guess passwords, passphrases, and private keys in an attempt to eventually get the right answer and crack the security of a system. They systematically guess every combination. For example, if they were guessing telephone numbers in the US: The question is, how do they know when they …