Website Security Solutions | Latest Guides | Blog

PBKDF2: Password Based Key Derivation

| #Articles

PBKDF2, defined in RFC 2898, is a specific Key Derivation Function (KDF). A KDF is simply any mechanism for taking a password (something a user remembers or stores in a password manager) and turning it into a symmetric key suitable for cryptographic operations (i.e., AES). It turns out that this approach is extremely handy for a variety of use cases. However, it is also not without its flaws. … [read more →]

Certificate Revocation, How it Works with CRLs or OCSP

| #Articles

Certificate Revocation refers to the act of canceling a signed certificate before its expiration date. This can be done due to private key compromise, retirement of a service, or various administrative reasons. There are many different approaches for verifying that a certificate is still in good standing, and often a combination is used in order to provide fault tolerance. Certificate… [read more →]

Encryption vs Hashing: What’s the difference?

| #Articles

Both Encryption and Hashing are fundamental building blocks of cryptosystems. When it comes to best practices for storing credentials in your application however, best practice is largely driven by what you’re trying to do. There are a lot of well-meaning security professionals who elect an extremely dogmatic stance: “Encrypting passwords is bad! You must hash them”. This is usually true, except when … [read more →]

What Is SNI? Encrypted SNI (ESNI and ECH)

| #Articles

When a piece of server software wants to make itself available to clients via the network, it binds to a socket. A socket is simply the IP address and port combination the server software listens on for connections. (Most commonly server software chooses to listen on a particular port across all available network interfaces). What happens though if a particular server wants to serve multiple,… [read more →]

OpenSSL 1.1.1k Patches for Two High-Severity Vulnerabilities

| #News

A lot can be learned about SSL/TLS by analyzing real-world bugs and the ways in which vendors patch them. This past week OpenSSL 1.1.1k was released, which corrected two high severity bugs in the popular OpenSSL software. Specifically, CVE-2021-3450 and CVE-2021-3449 are considered to be “high” severity but not “critical” severity because while they are extremely impactful, they affect less common … [read more →]