(Very) Basic Intro to the Scrypt Hash

litecoin

Scrypt is a slow-by-design key derivation function designed to create strong cryptographic keys. Simply put, the purpose of the Scrypt hash is to create a fingerprint of its input data but to do it very slowly. A common use-case is to create a strong private key from a password, where the new private key is …

Read more

(Very) Basic Intro To White-Box Cryptography

depositphotos 233639070 stock video abstract 3d monochrom cube rotating

White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, …

Read more

JWT Authentication in Golang

logo 400

Go is becoming very popular for backend web development, and JWT’s are one of the most popular ways to handle authentication on API requests. In this article, we’ll go over the basics of JWT’s and how to implement a secure authentication strategy in Go! What is a JWT? JSON Web Tokens are an open, industry-standard RFC …

Read more

How Do Brute-Force Attackers Know They Found The Key?

armstrong 1

Brute force attackers guess passwords, passphrases, and private keys in an attempt to eventually get the right answer and crack the security of a system. They systematically guess every combination. For example, if they were guessing telephone numbers in the US: The question is, how do they know when they have the right key? It …

Read more

AES-256 Cipher – Python Cryptography Examples

photo 1507680225127 6450260913c0

Want to encrypt text with a password or private key in Python? AES-256 is a solid symmetric cipher that is commonly used to encrypt data for oneself. In other words, the same person who encrypts the data also decrypts it, the way personal password managers work. Dependencies For this tutorial, we’ll be using Python 3, …

Read more

Will Banning Cryptography Keep the Country Safe?

key in palm of hand

Politicians in the United States have been claiming recently that end-to-end encryption is certainly too dangerous to permit. This movement is serious. Congress even introduced a bill that would remove the protections that we currently have that allow us to legally encrypt information. Lindsey Graham is one such proponent of this restrictive legislation: Senator Lindsey …

Read more

Is Open-Source Cryptography Really Secure?

photo 1497285597995 6ed7de6bfebd

The purpose of cryptography is to keep information private, and the purpose of open-source is to make code public… So we shouldn’t open-source our cryptography algorithms right? I’ve been asked this several times by multiple people so I figured it is a subject worth addressing. Many developers seem to be under the impression that crypto …

Read more

Hashing Passwords – Python Cryptography Examples

python

Building a from-scratch server or using a lightweight framework is empowering. With that power comes responsibility, specifically the responsibility to securely store user’s passwords. Not understanding the security implications of password storage can lead to devastating breaches and leaks. If you are building an application and need to store user credentials, learn about hash functions. …

Read more

Why is Exclusive Or (XOR) Important in Cryptography?

math

If you are getting into cryptography, or just trying to understand the fundamentals, you may have noticed that the exclusive-or (XOR) operation is used quite often, especially in ciphers. XOR is a simple bitwise operation that allows cryptographers to create strong encryption systems, and consequently is a fundamental building block of practically all modern ciphers. …

Read more