Safeguard
Tag

cryptography

Safeguard articles tagged "cryptography" — guides, analysis, and best practices for software supply chain and application security.

57 articles

Open Source Security

OpenSSL vs LibreSSL vs BoringSSL in 2026

A 2026 comparison of OpenSSL, LibreSSL, and BoringSSL on security posture, release cadence, FIPS posture, and which one to ship in which context.

Feb 26, 20265 min read
Cryptography

Perfect forward secrecy

Perfect forward secrecy stops a single leaked TLS key from unlocking years of past traffic. Here's how ephemeral key exchange works, and why it matters for supply chain security.

Feb 26, 20267 min read
Cryptography

Cryptographic salt vs pepper

What is a cryptographic salt, and how does it differ from pepper in password hashing? A technical breakdown of salted hashes, bcrypt salt rounds, and best practices.

Feb 26, 20267 min read
Cryptography

Pass-the-hash attack

What is a pass-the-hash attack? Learn how NTLM hash theft enables lateral movement across Windows networks, with real-world examples and mitigation strategies.

Feb 25, 20266 min read
Cryptography

How to set up HashiCorp Vault for secrets management

A step-by-step guide to set up HashiCorp Vault for secrets management, covering installation, dynamic secrets, Kubernetes integration, and verification steps.

Feb 20, 20267 min read
Best Practices

What is Encryption

Encryption converts readable data into ciphertext using algorithms and keys. Here's how AES, RSA, and TLS actually work — and where implementations fail.

Feb 18, 20266 min read
Vulnerability Response

CVE-2025-15467 in OpenSSL CMS: Patch Posture & SBOM Response

OpenSSL CMS pre-auth stack buffer overflow scored CVSS 9.8. Mail servers, web servers, and anything that processes S/MIME need the fix. Defender playbook below.

Jan 28, 20267 min read
Industry Analysis

Zero-Knowledge Proofs for Supply Chain Attestation

Where zk-SNARKs, STARKs, and Bulletproofs actually fit in software supply chain attestation, and where conventional signatures remain the correct choice.

Jan 12, 20265 min read
Industry Analysis

Homomorphic Encryption in Software Supply Chains

A grounded look at BFV, CKKS, and TFHE schemes for supply chain workloads, measured costs, library choices, and where HE is not yet practical.

Dec 22, 20255 min read
Cryptography

What crypto-agility means and how to design for algorithm...

What crypto agility really means, why SHA-1's decade-long death proved it, and how to design algorithm swaps into software before NIST's PQC deadlines force the issue.

Dec 13, 20257 min read
Cryptography

Comparing quantum-safe VPN and networking products on the...

A practical buyers guide to quantum-safe VPN options, comparing Cisco, Palo Alto Networks, Mullvad, ExpressVPN, Zscaler, and Post-Quantum on real strengths and limitations.

Dec 13, 20257 min read
Cryptography

How ML-KEM (Kyber) works and implementation pitfalls

FIPS 203's ML-KEM Kyber is landing in TLS, SSH, and VPNs everywhere — here's how the lattice math works and the timing bugs, like KyberSlash, already found in real implementations.

Dec 13, 20258 min read
cryptography (Page 3) — Safeguard Blog