Both Encryption and Hashing are fundamental building blocks of cryptosystems. When it comes to best practices for storing credentials in your application however, best practice is largely driven by what you’re trying to do. There are a lot of …
A lot can be learned about SSL/TLS by analyzing real-world bugs and the ways in which vendors patch them. This past week OpenSSL 1.1.1k was released, which corrected two high severity bugs in the popular OpenSSL software. Specifically, CVE-2021-3450 …
Next to encryption, hashing is perhaps the most important building block of modern cryptosystems. But what is a hash? Why is it important? How can some ways of computing a hash be better than others, and what makes a particular method suitable for …
It is a peculiar thing to see, but more and more commonly terms of art make their way into the mainstream media. It seems that every week a new article about a vulnerability, cyberattack, or data breach makes its way into public discourse. One …
A distributed-denial-of-service (DDOS) attack occurs when a service provider is intentionally overwhelmed at the network layer by a large volume of requests. These requests might consist of normal traffic occurring at a massive scale, or it might …
Chances are that you’ve used a captive portal – possibly without knowing it! Captive Portals are a legitimate means of grabbing the users attention
Let’s Encrypt is a fairly popular service offering free SSL/TLS certificates to those who are uninterested in the value-add of traditional certificate resellers. Historically, this CA has partnered with IdenTrust to provide this service as it has …
Intermediate certificates are often a topic of confusion. It’s understandable. We pay a lot of attention to root certificates as they require a lot of active management on the client. Leaf certificates on the endpoint are the star of the show – …
It’s that time again. As protocols mature, inevitably security vulnerabilities lurking beneath the surface are uncovered by security professionals. The so-called “Racoon” vulnerability is unusual however in that it affects TLS 1.2, arguably the most …
Certificate Cross-Signing is a nuance of PKI which is often poorly understood. This topic is particularly salient as of late, as a long-lived root certificate managed by Sectigo (formerly Comodo) expired, causing many unexpected problems for many …
View more resources on cyber security, encryption and the internet.
View more Guides, FAQs and information to help with your Certificate purchases.