Most popular

1. Critical vulnerabilities in JSON Web Token libraries

My research in March 2015 uncovered a design flaw in the JWT standard and critical vulnerabilities in popular JWT libraries. An attacker could exploit an affected to library to, e.g., take control of arbitrary user accounts.

2. A beginner's guide to constant-time cryptography

A comprehensive introduction to the obscure art of writing timing-attack-proof crypto code.

3. The design flaw in PBKDF2

PBKDF2 is a popular algorithm for password hashing and key derivation. Unfortunately, a small configuration mistake often reduces its effectiveness by 50% or more.

All articles