Safeguard
Topic

Cryptography

In-depth guides and analysis on cryptography from the Safeguard engineering team.

15 articles

Cryptography

Merkle tree in transparency logs

A Merkle tree is a hash-based data structure that lets transparency logs prove data integrity efficiently, using Merkle proofs and certificate transparency.

Mar 4, 20267 min read
Cryptography

Certificate transparency log

A concrete guide to certificate transparency logs: how SCTs verify issuance, how CT monitoring works, and how rogue certificates get detected fast.

Mar 4, 20267 min read
Cryptography

Hash collision attack

What is a hash collision, and why does it break integrity checks and signatures? A precise definition, the SHA-1 collision attack, and how Safeguard closes the gap.

Feb 28, 20266 min read
Cryptography

HMAC

HMAC is a cryptographic construct that combines a hash function with a secret key to verify both the integrity and authenticity of a message.

Feb 28, 20267 min read
Cryptography

Elliptic curve cryptography (ECC)

A precise, technical answer to what is elliptic curve cryptography — plus how ECC vs RSA, ECDSA signatures, and ECDH key exchange secure modern systems.

Feb 27, 20267 min read
Cryptography

Post-quantum cryptography

Post-quantum cryptography protects data from future quantum attacks. See how NIST-standardized, lattice-based algorithms defend today's software supply chain.

Feb 27, 20268 min read
Cryptography

Hardware Security Module (HSM)

What is an HSM? Learn how hardware security modules store signing keys, how HSM vs KMS differs, and why FIPS 140-2 HSMs protect code-signing keys.

Feb 27, 20267 min read
Cryptography

Perfect forward secrecy

Perfect forward secrecy stops a single leaked TLS key from unlocking years of past traffic. Here's how ephemeral key exchange works, and why it matters for supply chain security.

Feb 26, 20267 min read
Cryptography

Cryptographic salt vs pepper

What is a cryptographic salt, and how does it differ from pepper in password hashing? A technical breakdown of salted hashes, bcrypt salt rounds, and best practices.

Feb 26, 20267 min read
Cryptography

Pass-the-hash attack

What is a pass-the-hash attack? Learn how NTLM hash theft enables lateral movement across Windows networks, with real-world examples and mitigation strategies.

Feb 25, 20266 min read
Cryptography

How to set up HashiCorp Vault for secrets management

A step-by-step guide to set up HashiCorp Vault for secrets management, covering installation, dynamic secrets, Kubernetes integration, and verification steps.

Feb 20, 20267 min read
Cryptography

What crypto-agility means and how to design for algorithm...

What crypto agility really means, why SHA-1's decade-long death proved it, and how to design algorithm swaps into software before NIST's PQC deadlines force the issue.

Dec 13, 20257 min read
Cryptography — Supply Chain Security Blog | Safeguard