1. Critical vulnerabilities in JSON Web Token libraries
My research in March 2015 uncovered a design flaw in the JWT standard and critical vulnerabilities in popular JWT libraries. An attacker could exploit an affected library to, e.g., take control of arbitrary user accounts.
2. A beginner's guide to constant-time cryptography
A comprehensive introduction to the obscure art of writing timing-attack-proof crypto code.
3. The design flaw in PBKDF2
PBKDF2 is a popular algorithm for password hashing and key derivation. Unfortunately, a small configuration mistake often reduces its effectiveness by 50% or more.
The radix 2^51 trick
A beginner's guide to constant-time cryptography
Why you should be using HTTP Strict Transport Security (HSTS) on your website
Signing files vs signing file hashes
Your attack cost estimates are probably too low
The design flaw in PBKDF2
Cryptography red flags
Breaking crypto: repeated-key XOR
5 rules for escaping callback hell
/dev/urandom doesn't run out of entropy
What is a block cipher, exactly?
Critical vulnerabilities in JSON Web Token libraries