1. Critical vulnerabilities in JSON Web Token libraries
My research in March 2015 uncovered a design flaw in the JWT standard and critical vulnerabilities in popular JWT libraries. An attacker could exploit an affected to library to, e.g., take control of arbitrary user accounts.
2. Your attack cost estimates are probably too low
In this article, I do my best to debunk a common way of misunderstanding the risks of using weak encryption. Alternative title: "Why 768-bit RSA is a bad idea".
3. The design flaw in PBKDF2
PBKDF2 is a popular algorithm for password hashing and key derivation. Unfortunately, a small configuration mistake often reduces its effectiveness by 50% or more.
A beginner's guide to constant-time cryptography
Why you should be using HTTP Strict Transport Security (HSTS) on your website
Signing files vs signing file hashes
Your attack cost estimates are probably too low
The design flaw in PBKDF2
Cryptography red flags
Breaking crypto: repeated-key XOR
5 rules for escaping callback hell
/dev/urandom doesn't run out of entropy
What is a block cipher, exactly?
Critical vulnerabilities in JSON Web Token libraries