Explore >> Select a destination
|
You are here 
|
blog.cr.yp.to | ||
| | | | |
andrea.corbellini.name
|
|
| | | | | [AI summary] This technical blog post explains the mathematical principles, key generation, and implementation details of Elliptic Curve Cryptography (ECC) covering domain parameters, verifiably random curves, ECDH key exchange, and ECDSA signatures. | |
| | | | |
www.bearssl.org
|
|
| | | | | ||
| | | | |
keymaterial.net
|
|
| | | | | One weird hobby of mine is reasonable properties of cryptographic schemes that nobody promised they do or don't have. Whether that's invisible salamanders or binding through shared secrets, anything that isn't just boring IND-CCA2 or existential unforgeability is just delightful material to construct vulnerabilities with. Normally, with a signature scheme, you have the public key... | |
| | | | |
pboyd.io
|
|
| | | Here's a fun list to look through: Dumb Password Rules. Most of the rules seem arbitrary, like only allowing digits, but some hint at deeper problems. For instance, preventing single-quotes. They aren't inserting passwords into a database without a SQL placeholder, right? Nearly every site on that list has a needlessly short maximum password size. If they're storing passwords correctly, there's no need for this. This post will go through a few bad ways to store a password and you can see what I mean.... | ||
