## How To Correctly Validate Passwords – Most Websites Do It Wrong

You’ve probably visited a site and attempted to sign up only to be met with errors such as:

- Password needs a capital letter
- Password needs a special character
- Password needs to be at least 8 characters

I just released a package in Go that solves this problem. Check it out and give it a star here: …

## What Is Entropy In Cryptography?

In cryptography, entropy refers to the randomness collected by a system for use in algorithms that require random data. A lack of good entropy can leave a cryptosystem vulnerable and unable to encrypt data securely.

## (Very) Basic Intro To Elliptic Curve Cryptography

Elliptic curve cryptography is a modern public-key encryption technique based on mathematical elliptic curves. Elliptic curve crypto often creates smaller, faster, and more efficient cryptographic keys. In this introduction, our goal will be to focus on the high-level principles of what makes ECC work. For the purposes of keeping this article easy to digest, we’ll omit implementation …

## (Very) Basic Intro to Lattices in Cryptography

Lattice-based cryptography, an important contender in the race for quantum-safe encryption, describes constructions of cryptographic primitives that involve mathematical lattices. Lattices as they relate to crypto have been coming into the spotlight recently. In January 2019, many of the semifinalists in the NIST post-quantum-cryptography competition were based on lattices. Lattice-based cryptography has promising aspects that give us hope …

## They Who Control Encryption

If you’ve seen The Imitation Game or studied computer science in school, you have likely heard of Enigma, Alan Turing, or some of the other advances in cryptography that took place during the Second World War. During this time and until the 1970s, governments from around the world had near-total control of all cryptographic systems. …

## HMAC and MACs – The Inner Workings of JWTs

HMACs and MACs are authentication codes and are often the backbone of JWT authentication systems. A Message Authentication Code (MAC) is a string of bits that depends on a secret key and is sent with a message to prove the message wasn’t tampered with. HMACs are a more strict version of MACs that offer additional …

## How SHA-2 Works Step-By-Step (SHA-256)

SHA-2 (Secure Hash Algorithm 2), of which SHA-256 is a part, is one of the most popular hashing algorithms out there. In this article, we are going to break down each step of the algorithm as simply as we can and work through a real-life example by hand. SHA-2 is known for its security (it …

## Achieving Data Integrity Using Cryptography

Data integrity refers to the accuracy, legitimacy, and consistency of information in a system. When a message is sent, particularly using an untrusted medium, data integrity provides us confidence that the message wasn’t tampered with. For example, the SSL signature of Qvault provides confidence that the webpage and data coming from our servers are really …

## (Very) Basic Intro To White-Box Cryptography

White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, …

## How To Build JWT’s in Go (Golang)

Go is becoming very popular for backend web development, and JWTs are one of the most popular ways to handle authentication on API requests. In this article we go over the basics of JWTs and how to implement a secure authentication strategy in Go! In fact, our Qvault app uses almost this exact same strategy …