Safeguard
Tag

cryptography

Safeguard articles tagged "cryptography" — guides, analysis, and best practices for software supply chain and application security.

57 articles

Application Security

Implementing TLS in Java applications: keystores, trust managers, and protocol pinning done right

One overridden checkServerTrusted() method disables certificate validation for an entire Java app — and it still ships to production more often than most teams admit.

Jul 15, 20267 min read
Application Security

Why Math.random() is a security bug waiting to happen

A 2008 Debian OpenSSL patch cut key entropy to ~32,768 values; a 2012 scan found 0.75% of TLS certs shared keys. Weak PRNGs still cause real breaches.

Jul 14, 20266 min read
Application Security

Detecting weak cryptographic algorithms in code

SHAttered proved a SHA-1 collision for ~$110,000 in 2017. NIST retires SHA-1 entirely by Dec 31, 2030 — here's how to find and fix MD5/SHA-1 in your code now.

Jul 10, 20267 min read
Vulnerability Management

Inside CVE-2023-46233: How crypto-js Shipped a 1.3-Million-Times-Weaker Key Derivation

crypto-js versions before 4.2.0 defaulted PBKDF2 to SHA1 with a single iteration — NVD calls it 1,300,000 times weaker than modern standards. Here's the fix.

Jul 8, 20266 min read
Application Security

CTF writeup patterns: serialization and cryptographic puzzles, decoded

CVE-2013-0156 let attackers RCE Rails by feeding YAML into a parameter parser — the same insecure-deserialization pattern CTF players train on every weekend.

Jul 8, 20267 min read
Best Practices

Getting AES right in Java: JCA/JCE mistakes that break your encryption

Call `Cipher.getInstance("AES")` in Java and you silently get ECB mode — no warning, no error, just plaintext patterns leaking through.

Jul 8, 20267 min read
Best Practices

Symmetric vs asymmetric file encryption in Python, done correctly

AES-GCM needs a unique 96-bit nonce every single time — reuse one under the same key and GCM's authentication guarantee collapses entirely, not just confidentiality.

Jul 8, 20267 min read
Application Security

Secure password hashing in Go: bcrypt, Argon2, and the mistakes in between

Go's bcrypt package caps input at 72 bytes and returns ErrPasswordTooLong instead of silently truncating — one of several Go-specific quirks that trip up password hashing code.

Jul 8, 20266 min read
Best Practices

Symmetric vs Asymmetric Encryption in Python: A Practical Guide

One key or two? A working comparison of Fernet and RSA in Python's cryptography library — with the OAEP-vs-PKCS1v15 mistake that still causes padding-oracle bugs.

Jul 8, 20267 min read
Security Guides

C# Cryptography Best Practices in .NET

The right way to do cryptography in C#: authenticated encryption with AesGcm, secure randomness, PBKDF2 password hashing, constant-time comparison, and the legacy APIs to stop using.

Jul 5, 20265 min read
Concepts

Symmetric vs Asymmetric Encryption: What's the Difference?

Symmetric encryption uses one shared key for both locking and unlocking. Asymmetric encryption uses a key pair, one public and one private. One is fast; the other solves the key-sharing problem.

Jul 4, 20266 min read
Concepts

Encryption vs Hashing: What's the Difference?

Encryption scrambles data so it can be unscrambled later with a key. Hashing turns data into a fixed fingerprint that can never be reversed. One protects secrets; the other verifies them.

Jul 3, 20266 min read
cryptography — Safeguard Blog