Tag: HMAC

Cryptography

Database Cryptography Fur the Rest of Us

Post author By Soatok
Post date March 1, 2023
7 Comments on Database Cryptography Fur the Rest of Us

An introduction to database cryptography.

Tags applied cryptography, block cipher modes, cryptography, database cryptography, databases, encrypted search, HMAC, MongoCrypt, MongoDB, Queryable Encryption, real-world cryptography, security, Security Guidance, SQL, SSE, symmetric cryptography, symmetric searchable encryption

Cryptography

Understanding HKDF

HKDF has poorly-understood subtleties. Let’s explore them in detail.

Tags cryptographic hash function, cryptography, hash function, HMAC, KDF, key-derivation function, security definition, Security Guidance

Cryptography Meta-blog Society The Furry Fandom

Lightning Round

An assortment of topics that don’t quite deserve their own dedicated blog post.

Tags asymmetric cryptography, ECDSA, Florida, furries, Furry Fandom, HMAC, Politics, RSA, wear-out

Cryptography Software Security

Canonicalization Attacks Against MACs and Signatures

Post author By Soatok
Post date July 30, 2021
6 Comments on Canonicalization Attacks Against MACs and Signatures

Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol. The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the […]

Tags collision attacks, cryptographic hash function, cryptography, digital signature algorithm, DSSE, HMAC, length-extension attacks, MACs, PASETO, Security Guidance

Cryptography Software Security

The Subtle Hazards of Real-World Cryptography

Post author By Soatok
Post date November 27, 2020
1 Comment on The Subtle Hazards of Real-World Cryptography

Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll probably elect to use something like bcrypt, scrypt, Argon2id, or PBKDF2. (If you thought to use something else, you’re almost certainly doing it wrong.) Let’s say, due to […]

Tags computer security, cryptographic hash function, cryptography, dumb exploit, HMAC, infosec, password hashing, PBKDF2, Security Guidance