Cryptography
In-depth guides and analysis on cryptography from the Safeguard engineering team.
15 articles
Merkle tree in transparency logs
A Merkle tree is a hash-based data structure that lets transparency logs prove data integrity efficiently, using Merkle proofs and certificate transparency.
Certificate transparency log
A concrete guide to certificate transparency logs: how SCTs verify issuance, how CT monitoring works, and how rogue certificates get detected fast.
Hash collision attack
What is a hash collision, and why does it break integrity checks and signatures? A precise definition, the SHA-1 collision attack, and how Safeguard closes the gap.
HMAC
HMAC is a cryptographic construct that combines a hash function with a secret key to verify both the integrity and authenticity of a message.
Elliptic curve cryptography (ECC)
A precise, technical answer to what is elliptic curve cryptography — plus how ECC vs RSA, ECDSA signatures, and ECDH key exchange secure modern systems.
Post-quantum cryptography
Post-quantum cryptography protects data from future quantum attacks. See how NIST-standardized, lattice-based algorithms defend today's software supply chain.
Hardware Security Module (HSM)
What is an HSM? Learn how hardware security modules store signing keys, how HSM vs KMS differs, and why FIPS 140-2 HSMs protect code-signing keys.
Perfect forward secrecy
Perfect forward secrecy stops a single leaked TLS key from unlocking years of past traffic. Here's how ephemeral key exchange works, and why it matters for supply chain security.
Cryptographic salt vs pepper
What is a cryptographic salt, and how does it differ from pepper in password hashing? A technical breakdown of salted hashes, bcrypt salt rounds, and best practices.
Pass-the-hash attack
What is a pass-the-hash attack? Learn how NTLM hash theft enables lateral movement across Windows networks, with real-world examples and mitigation strategies.
How to set up HashiCorp Vault for secrets management
A step-by-step guide to set up HashiCorp Vault for secrets management, covering installation, dynamic secrets, Kubernetes integration, and verification steps.
What crypto-agility means and how to design for algorithm...
What crypto agility really means, why SHA-1's decade-long death proved it, and how to design algorithm swaps into software before NIST's PQC deadlines force the issue.