(Very) Basic Intro To White-Box Cryptography
White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, …
How To Build JWT’s in Go (Golang)
By Lane Wagner – @wagslane on Twitter
Go is becoming very popular for backend web development, and JWTs are one of the most popular ways to handle authentication on API requests. In this article, we are going to go over the basics of JWTs and how to implement a secure authentication strategy in Go! What is a …
How Do Brute-Force Attackers Know They Found The Key?
By Lane Wagner – @wagslane on Twitter
Brute force attackers guess passwords, passphrases, and private keys in an attempt to eventually get the right answer and crack the security of a system, but how do they know when they have the right key? It depends on the system. Let’s answer the question three times, one for three …
AES-256 Cipher – Python Cryptography Examples
By Lane Wagner – @wagslane on Twitter
Need to encrypt some text with a password or private key in Python? You certainly came to the right place. AES-256 is a solid symmetric cipher that is commonly used to encrypt data for oneself. In other words, the same person who is encrypting the data is typically decrypting it …
Will Banning Cryptography Keep the Country Safe?
By Lane Wagner – @wagslane on Twitter
Politicians in the United States have been claiming recently that end-to-end encryption is certainly too dangerous to permit. This movement is serious. Congress even introduced a bill that would remove the protections that we currently have that allow us to legally encrypt information. Lindsey Graham is one such proponent of …
Is Open-Source Cryptography Really Secure?
By Lane Wagner – @wagslane on Twitter
The purpose of cryptography is to keep information private, and the purpose of open-source is to make code public… So we shouldn’t open source our cryptography algorithms, right? I’ve been asked this several times by multiple people, so I figured it is a subject worth addressing. Many developers seem to …
Hashing Passwords – Python Cryptography Examples
By Lane Wagner – @wagslane on Twitter
Building a from-scratch server or using a lightweight framework is empowering. With that power comes responsibility, specifically the responsibility to securely store users’ passwords. Can I Store Passwords In Plain Text? To demonstrate the potential dangers, let us assume we DON’T hash passwords on a fake example website, LoveMatchingToday. Inevitably …
(Very) Basic Intro to Lattices in Cryptography
By Lane Wagner – @wagslane on Twitter
Lattice-based cryptography has been coming into the spotlight recently. In January 2019, many of the semifinalists in the NIST post-quantum-cryptography competition were based on lattices. Let’s explore the basics of lattices and how they apply to cryptosystems. What is a Lattice? According to Wikipedia, a lattice is the set of …
Why is Exclusive Or (XOR) Important in Cryptography?
If you are getting into cryptography, or just trying to understand the fundamentals, you may have noticed that the exclusive-or operation is used quite often, especially in ciphers. What is XOR (⊕)? XOR, or “exclusive or”, operates on binary data. It returns true if both of its inputs are opposites (one false and one true), …