cryptography
Safeguard articles tagged "cryptography" — guides, analysis, and best practices for software supply chain and application security.
57 articles
What Is Post-Quantum Cryptography (for software supply ch...
Quantum computers will eventually break RSA and ECDSA. Here's what NIST's 2024 PQC standards, CNSA 2.0 deadlines, and "harvest now, decrypt later" mean for signed software supply chains.
Symmetric vs asymmetric encryption: practical Python examples
Symmetric vs asymmetric encryption explained with working Python code: AES-256-GCM, RSA-OAEP, hybrid encryption, and the mistakes that cause real breaches.
Cryptography Misuse Detection: Griffin AI vs Mythos
Crypto misuse is not about broken algorithms. It is about misused parameters, missing checks, and the gap between "it compiles" and "it is secure."
Merkle tree in transparency logs
A Merkle tree is a hash-based data structure that lets transparency logs prove data integrity efficiently, using Merkle proofs and certificate transparency.
Certificate transparency log
A concrete guide to certificate transparency logs: how SCTs verify issuance, how CT monitoring works, and how rogue certificates get detected fast.
PASETO tokens
PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.
Post-Quantum Cryptography Migration for Software Supply Chains
NIST finalized ML-KEM, ML-DSA, and SLH-DSA in 2024. Here's what it means for Sigstore, package registry signing, TLS, and the harvest-now-decrypt-later problem.
Hash collision attack
What is a hash collision, and why does it break integrity checks and signatures? A precise definition, the SHA-1 collision attack, and how Safeguard closes the gap.
HMAC
HMAC is a cryptographic construct that combines a hash function with a secret key to verify both the integrity and authenticity of a message.
Elliptic curve cryptography (ECC)
A precise, technical answer to what is elliptic curve cryptography — plus how ECC vs RSA, ECDSA signatures, and ECDH key exchange secure modern systems.
Post-quantum cryptography
Post-quantum cryptography protects data from future quantum attacks. See how NIST-standardized, lattice-based algorithms defend today's software supply chain.
Hardware Security Module (HSM)
What is an HSM? Learn how hardware security modules store signing keys, how HSM vs KMS differs, and why FIPS 140-2 HSMs protect code-signing keys.