cryptography
Safeguard articles tagged "cryptography" — guides, analysis, and best practices for software supply chain and application security.
57 articles
CycloneDX 1.7 Deep Dive: Cryptography, Citations, and Patents
CycloneDX 1.7 released in October 2025 with first-class cryptography metadata, a new Citations element, and patent-aware IP fields. We walk through what changed and which producers should adopt now.
Insecure Randomness in Security-Sensitive Code
A single deleted line broke Debian's OpenSSL keys for two years. We break down real insecure randomness vulnerabilities and how Safeguard catches weak PRNGs before attackers do.
Secure Random Number Generation in JavaScript with crypto...
Math.random() is predictable and unsafe for security tokens. Here's why Node's crypto.randomBytes() is the standard for secure JavaScript randomness.
Secure Random Number Generation in Ruby with SecureRandom
Ruby's built-in rand() uses a predictable Mersenne Twister and should never generate tokens, passwords, or session IDs. Here's how SecureRandom fixes that.
Secure Random Number Generation in PHP with random_bytes
PHP's mt_rand() has a 32-bit seed space attackers can crack in seconds. Here's why random_bytes() and random_int() replaced it in PHP 7.0, and how weak randomness still causes breaches.
Secure Random Number Generation in C# with RandomNumberGe...
Why System.Random is a security liability in C# and how RandomNumberGenerator prevents predictable tokens, nonces, and keys in .NET applications.
Secure Random Number Generation in Java with SecureRandom...
Why java.util.Random and even UUID.randomUUID() can leak predictable tokens, and how Java's SecureRandom and NIST DRBG providers actually protect secrets.
TLS Library Comparison: OpenSSL vs. LibreSSL vs. BoringSSL
Three forks of the same codebase, three different security philosophies. Here is how to choose the right TLS library for your project.
Encryption and Decryption in Python: A Practical Guide
Encryption in Python is easy to get working and surprisingly easy to get wrong — here's how to do symmetric and asymmetric encryption correctly using the cryptography library instead of rolling your own.
Encryption Algorithms in Java: A Practical Overview
Java ships a wide menu of encryption algorithms through its Java Cryptography Architecture, but picking the wrong mode or a deprecated cipher is one of the most common security findings in Java codebases.
What Is a Nonce? The Number Used Once in Cryptography
A nonce is a value used a single time to keep cryptographic operations fresh and stop attackers from replaying old messages. Small idea, outsized importance.
What Is Key Management? Protecting the Keys That Protect Everything
Key management is the discipline of generating, storing, rotating, and retiring cryptographic keys safely. Strong encryption is only as good as the way its keys are handled.