cryptography
Safeguard articles tagged "cryptography" — guides, analysis, and best practices for software supply chain and application security.
57 articles
OpenSSL vs LibreSSL vs BoringSSL in 2026
A 2026 comparison of OpenSSL, LibreSSL, and BoringSSL on security posture, release cadence, FIPS posture, and which one to ship in which context.
Perfect forward secrecy
Perfect forward secrecy stops a single leaked TLS key from unlocking years of past traffic. Here's how ephemeral key exchange works, and why it matters for supply chain security.
Cryptographic salt vs pepper
What is a cryptographic salt, and how does it differ from pepper in password hashing? A technical breakdown of salted hashes, bcrypt salt rounds, and best practices.
Pass-the-hash attack
What is a pass-the-hash attack? Learn how NTLM hash theft enables lateral movement across Windows networks, with real-world examples and mitigation strategies.
How to set up HashiCorp Vault for secrets management
A step-by-step guide to set up HashiCorp Vault for secrets management, covering installation, dynamic secrets, Kubernetes integration, and verification steps.
What is Encryption
Encryption converts readable data into ciphertext using algorithms and keys. Here's how AES, RSA, and TLS actually work — and where implementations fail.
CVE-2025-15467 in OpenSSL CMS: Patch Posture & SBOM Response
OpenSSL CMS pre-auth stack buffer overflow scored CVSS 9.8. Mail servers, web servers, and anything that processes S/MIME need the fix. Defender playbook below.
Zero-Knowledge Proofs for Supply Chain Attestation
Where zk-SNARKs, STARKs, and Bulletproofs actually fit in software supply chain attestation, and where conventional signatures remain the correct choice.
Homomorphic Encryption in Software Supply Chains
A grounded look at BFV, CKKS, and TFHE schemes for supply chain workloads, measured costs, library choices, and where HE is not yet practical.
What crypto-agility means and how to design for algorithm...
What crypto agility really means, why SHA-1's decade-long death proved it, and how to design algorithm swaps into software before NIST's PQC deadlines force the issue.
Comparing quantum-safe VPN and networking products on the...
A practical buyers guide to quantum-safe VPN options, comparing Cisco, Palo Alto Networks, Mullvad, ExpressVPN, Zscaler, and Post-Quantum on real strengths and limitations.
How ML-KEM (Kyber) works and implementation pitfalls
FIPS 203's ML-KEM Kyber is landing in TLS, SSH, and VPNs everywhere — here's how the lattice math works and the timing bugs, like KyberSlash, already found in real implementations.