Most popular

1. Critical vulnerabilities in JSON Web Token libraries

My research in March 2015 uncovered a design flaw in the JWT standard and critical vulnerabilities in popular JWT libraries. An attacker could exploit an affected library to, e.g., take control of arbitrary user accounts.

2. Your attack cost estimates are probably too low

In this article, I do my best to debunk a common way of misunderstanding the risks of using weak encryption. Alternative title: "Why 768-bit RSA is a bad idea".

3. The design flaw in PBKDF2

PBKDF2 is a popular algorithm for password hashing and key derivation. Unfortunately, a small configuration mistake often reduces its effectiveness by 50% or more.

All articles