How To Correctly Validate Passwords – Most Websites Do It Wrong

You’ve probably visited a site and attempted to sign up, only to be met with errors such as: “Password needs a capital letter”, “Password needs a special character”, “Password needs to be at least 8 characters”. I just released a package in Go that solves this problem. Check it out and give it a star here: … Read more

(Very) Basic Intro To Elliptic Curve Cryptography

Elliptic curve cryptography is a modern public-key encryption technique based on mathematical elliptic curves. Elliptic curve crypto often creates smaller, faster, and more efficient cryptographic keys. In this introduction, our goal will be to focus on the high-level principles of what makes ECC work. For the purposes of keeping this article easy to digest, we’ll omit implementation … Read more

(Very) Basic Intro to Lattices in Cryptography

Lattice-based cryptography, an important contender in the race for quantum-safe encryption, describes constructions of cryptographic primitives that involve mathematical lattices. Lattices as they relate to crypto have been coming into the spotlight recently. In January 2019, many of the semifinalists in the NIST post-quantum-cryptography competition were based on lattices. Lattice-based cryptography has promising aspects that give us hope … Read more

They Who Control Encryption

If you’ve seen The Imitation Game or studied computer science in school, you have likely heard of Enigma, Alan Turing, or some of the other advances in cryptography that took place during the Second World War. During this time and until the 1970s, governments from around the world had near-total control of all cryptographic systems. … Read more

Achieving Data Integrity Using Cryptography

Data integrity refers to the accuracy, legitimacy, and consistency of information in a system. When a message is sent, particularly using an untrusted medium, data integrity provides us confidence that the message wasn’t tampered with. For example, the SSL signature of Qvault provides confidence that the webpage and data coming from our servers are really … Read more

(Very) Basic Intro To White-Box Cryptography

White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment. What Does “White-Box” Mean? In penetration testing, … Read more

How To Build JWT’s in Go (Golang)

Go is becoming very popular for backend web development, and JWTs are one of the most popular ways to handle authentication on API requests. In this article, we go over the basics of JWTs and how to implement a secure authentication strategy in Go! In fact, our Qvault app uses almost this exact same strategy … Read more