Website Security Solutions | Latest Guides | Blog

What is FIPS compliance?

#Articles

FIPS (Federal Information Processing Standard) is a set of requirements issued by NIST to centralize and standardize the ways in which the US government manages the risks associated with securing and transporting sensitive information. FIPS came into existence as part of the larger FISMA legislation in 2002, and quickly became a commonly imitated framework for information security in…

Considering Full Disk Encryption? What to know.

#Articles

Full Disk Encryption (FDE) refers to the practice of encrypting a device (laptop, cell phone, etc.) at rest. Decryption is performed at boot time, relying on user input, a cryptographic key stored in hardware, or a combination of both. FDE is an important part of defense-in-depth, as the protection schemes employed by typical operating systems are only enforced while the operating system is running.…

How to choose the right encryption

#Articles

It can be very difficult to bridge the gap between the theoretical and the practical. This is a pattern I’ve seen repeat itself again and again throughout my career – someone might be very technical, and very familiar with encryption, but when it comes time to solve a real-world business problem as a developer or a systems administrator, that knowledge doesn’t always translate to something defen…

PBKDF2: Password Based Key Derivation

#Articles

PBKDF2, defined in RFC 2898, is a specific Key Derivation Function (KDF). A KDF is any mechanism for taking a password (something a user remembers or stores in a password manager) and turning it into a symmetric key suitable for cryptographic operations (e.g., AES). It turns out that this approach is extremely handy for a variety of use cases. However, it is also not without its flaws. …

Certificate Revocation, How it Works with CRLs or OCSP

#Articles

Certificate Revocation refers to the act of canceling a signed certificate before its expiration date. This can be done because of private key compromise, retirement of a service, or various administrative reasons. There are many different approaches for verifying that a certificate is still in good standing, and often a combination is used in order to provide fault tolerance. Certificate…