cryptography
Safeguard articles tagged "cryptography" — guides, analysis, and best practices for software supply chain and application security.
57 articles
What Is Hashing? A Plain-English Guide to One-Way Functions
Hashing turns any input into a fixed-size fingerprint that cannot be reversed. It quietly powers password storage, integrity checks, and digital signatures across modern software.
Cryptographic Bill of Materials (CBOM): The Next Frontier
Post-quantum cryptography migration requires knowing what cryptographic algorithms your software uses. CBOMs provide that inventory. Here is what they are and why they matter.
Post-Quantum Cryptography Transition: A Practical Guide for Engineering Teams
NIST has finalized its post-quantum standards. Here's a hands-on guide for engineering teams beginning the migration from classical to quantum-resistant cryptography.
Symmetric vs Asymmetric Encryption, Explained
What makes an encryption algorithm symmetric is a single shared key for both encryption and decryption; asymmetric algorithms use a mathematically linked public/private key pair instead — and the difference decides which one you should reach for.
CVE-2023-4807: The OpenSSL POLY1305 Flaw on Windows
A cryptographic MAC that silently trashes CPU registers: why CVE-2023-4807 only bites Windows builds of OpenSSL, what it can actually do, and which releases fix it.
Quantum Computing and the Coming Cryptography Crisis in Supply Chains
Quantum computers threaten the cryptographic foundations of software supply chains. The time to prepare is now, not when quantum advantage arrives.
TLS Library Comparison: OpenSSL vs BoringSSL vs LibreSSL vs rustls
Your TLS library choice has massive security implications. Here is an honest comparison of the major options and what each trade-off means.
Cryptographic Library Selection Guide: Choosing Wisely for Your Stack
Picking the wrong crypto library means either rolling your own crypto or using a library with a poor security track record. Here is how to choose.
OpenSSL Project Governance: Security Lessons from Heartbleed and Beyond
OpenSSL's transformation from a two-person project securing half the internet to a properly governed foundation offers a blueprint for open source security governance.