This was an eventful year for Cossack Labs! According to our GitHub stats, in 2017 we:
made 1200 commits into master branches;
merged 260 PRs;
accumulated 444 new stars.
Products and releases
We picked a weird, but hopefully auspicious habit of releasing stuff on holidays or 13th days of the month (preferably Fridays :) or Mercury retrograde periods:
Acra is data encryption proxy aimed specifically at web apps backed by modern databases. Acra helps you easily secure your databases in distributed, microservice-rich environments. It allows you to selectively encrypt sensitive records with strong multi-layer cryptography, detect potential intrusions and SQL injections and cryptographically compartmentalize data stored in large sharded schemes. Acra's security model guarantees that if your database or your application become compromised, they will not leak sensitive data, or keys to decrypt them.
After the initial release and talking to a number of early adopters, we’re on the roadmap to the next, more feature-rich and integration-friendly release. By the way, here is an incomplete list of the features to come in the upcoming year.
These releases contain important core updates, on which all our other products rely. The main core of Themis is ready, now we’re adding convenient methods to it:
Now you can build Themis with OpenSSL or BoringSSL on most platforms;
OpenSSL 1.1 support was added;
Secure Comparator became convenient to use.
Themis wrappers are also being updated according to the plan – small fixes were added for every wrapper, including significant ones like:
Support of dynamic frameworks and bitcode, Themis is working on both Swift3/Swift4;
Fixed Secure Cell in token protect mode;
Support of both old and new versions of Go (starting from v1.2).
Infrastructure fixes included:
Predictable and simplified building process for Debian 9.x and macOS;
Pre-built Themis packages can now be downloaded from our package server;
Documentation and examples were updated to make them easier to understand.
Hermes is a cryptography-based method of providing protected data storage and sharing that allows enforcing cryptographically checked CRUD permissions to data blocks and doesn't let server that's running Hermes do anything worse than DoS. In other words, Hermes enables collaboration and distributed data sharing through enforcing access control with the help of cryptographic methods.
The most exciting thing is that you can use Hermes on almost any platform because the core is written on C. We’ve prepared many tutorials and examples in C, Go, and Python to help you start using Hermes-core.
We wrote a number of cool articles and these were the most popular – so if you haven’t read them yet, do it now!
- Auditable Macros In C Code
- Apple Export Regulations on Cryptography
- Database Leaks: a View from 2017
- Explain Like I’m 5: Zero Knowledge Proof (Halloween Edition)
We’re growing and expanding – for instance, @vixentael turned from a core iOS contributor into our full-blown Product Engineer and we’ve welcomed more people on board as contributors and full-time employees.
In 2017, members of our team gave talks at a number of local and international conferences:
CyberSecurity in Business forum ‘17
Unleashing the Chameleon
Our mascot – Professor Felix – is steadily marching from online (in blog posts) to offline in various forms – if you approach any of us at a conference or other social meetup, chances are you won’t leave empty-handed.