Website Security Solutions | Latest Guides | Blog

How to choose the right encryption

#Articles

It can be very difficult to bridge the gap between the theoretical and the practical. This is a pattern I’ve seen repeat itself again and again throughout my career – someone might be very technical, and very familiar with encryption, but when it comes time to solve a real-world business problem as a developer or a systems administrator, that knowledge doesn’t always translate to something defen…

PBKDF2: Password Based Key Derivation

#Articles

PBKDF2, defined in RFC 2898, is a specific Key Derivation Function (KDF). A KDF is simply any mechanism for taking a password (something a user remembers or stores in a password manager) and turning it into a symmetric key suitable for cryptographic operations (e.g., AES). It turns out that this approach is extremely handy for a variety of use cases. However, it is also not without its flaws. …

Certificate Revocation, How it Works with CRLs or OCSP

#Articles

Certificate Revocation refers to the act of canceling a signed certificate before its expiration date. This can be done due to private key compromise, retirement of a service, or various administrative reasons. There are many different approaches for verifying that a certificate is still in good standing, and often a combination is used in order to provide fault tolerance. Certificate…

Encryption vs Hashing: What’s the difference?

#Articles

Both Encryption and Hashing are fundamental building blocks of cryptosystems. When it comes to storing credentials in your application, however, best practice is largely driven by what you’re trying to do. There are a lot of well-meaning security professionals who adopt an extremely dogmatic stance: “Encrypting passwords is bad! You must hash them”. This is usually true, except when …

What Is SNI? Encrypted SNI (ESNI and ECH)

#Articles

When a piece of server software wants to make itself available to clients via the network, it binds to a socket. A socket is simply the IP address and port combination the server software listens on for connections. (Most commonly, server software listens on a particular port across all available network interfaces.) What happens though if a particular server wants to serve multiple,…