Best of Cryptography: October 2024

  1. Article
    System Weakness · 2y

    JSON WEB TOKEN (JWT)

    JSON Web Tokens (JWT) are a standard mechanism for transferring cryptographically signed JSON data, commonly used for access control, session handling, and authentication. Unlike traditional session tokens, JWTs store all necessary data client-side, making them ideal for distributed systems. JWTs consist of a payload, a signature, and a header. They are often used with JSON Web Signature (JWS) and JSON Web Encryption (JWE) extensions. JWT vulnerabilities include flawed signature verification, secret key brute-forcing, header parameter injections, and algorithm confusion attacks. To mitigate these risks, it's crucial to perform robust signature verification, use up-to-date libraries, and apply best practices such as setting token expiration dates and avoiding tokens in URL parameters.

  2. Article
    Community Picks · 2y

    Database 101: SSL/TLS for beginners

    The post provides a beginner-friendly guide on setting up secure and encrypted connections for databases, specifically using SSL/TLS. It covers fundamental concepts, along with practical steps for implementing SSL/TLS using OpenSSL, and configuring authentication in ScyllaDB. The post also includes code snippets and a detailed walk-through for testing encrypted connections using Node.js.

  3. Article
    Ruby Flow · 1y

    OWASP Cheat Sheet Series

    Learn the proper methods for storing passwords to ensure they remain protected even if an application or database is compromised. This guide highlights the importance of using hashing (not encryption) for passwords, the benefits of using salts and peppers, and the recommended hashing algorithms like Argon2id, scrypt, bcrypt, and PBKDF2. It also discusses work factors, upgrading legacy hashes, and ensuring compatibility with international characters.

  4. Article
    elmah.io · 2y

    What's new in .NET 9: Cryptography improvements

    Microsoft is introducing significant cryptography updates in .NET 9, set to release in mid-November 2024. Notable updates include the new CryptographicOperations.HashData method, which simplifies and enhances the process of hashing data, and the incorporation of KMAC (KECCAK Message Authentication Code) for improved data integrity and security. KMAC offers various modes and flexible output lengths, supporting modern cryptographic needs while ensuring compatibility with the latest systems.

  5. Article
    C# Corner · 2y

    Server-Sent Events in ASP.NET Core for Real-Time Push Not

    Server-Sent Events (SSE) provide a straightforward method for delivering real-time updates from the server to clients using standard HTTP, making it compatible with firewalls and proxies. Unlike WebSockets, SSE is one-way communication, suitable for notifications, stock updates, or live scores. This guide details setting up an SSE-based notification service in ASP.NET Core, including SSE subscription endpoints, client-side setup with Angular, and managing connections in a load-balanced environment.

  6. Article
    Hacker News · 2y

    Freenet

    Freenet is proposed as a decentralized replacement for the centralized internet dominated by a few corporations. It aims to address issues such as censorship, data exploitation, and user exclusion from essential services. Freenet offers solutions to problems like spam, DDoS attacks, and data privacy. The platform supports decentralized alternatives to current services, ensuring interoperability, scalability, and security through cryptographic techniques.