15 Aug 2016
In the upcoming series of articles, we'll ascend from classic database security techniques to the modern technologies, including some cutting edge research data and our own experiments.
27 Jul 2016
In this post, we talk about Zero-Knowledge Proofs, tie ZKP authentication to traditional security models and help you understand better how authentication, in general, should work.
20 Jul 2016
Lighter reading: general thoughts on how the familiar mindset of 'protect the perimeter' changed over time.
26 May 2016
Themis 0.9.3 released: new wrappers for Go, NodeJS, C++, Google Chrome and much more.
23 May 2016
This blog post features infographic on how to choose cryptographic frameworks when developing Android apps and adds a few notes about Native/Java crypto.
21 Apr 2016
Sesto is one of PoC tools we've developed while working on WebThemis - the cryptographically sane front-end framework for Google Chrome. Sesto enables web users to store any secrets (for example, login credentials) on the server and use them from any computer that has Google Chrome installed.
7 Apr 2016
This post summarizes our experiences of testing Secure Comparator as an authentication mechanism for HTTP.
While we were planning, designing and implementing Comparator, real infrastructure in which it has to function (letting Toughbase instances without shared trust to be able to exchange records and request personal data safely) was very far from being ready, but we wanted to understand how good it was for some practical applications. So we chose the obvious - seeing how SC could work as HTTP authentication mechanism.
30 Mar 2016
This blog post features infographic on how to choose crypto when developing iOS apps. It's always useful to put tool choice in context of causes (goals) and effects. This is what we've tried to do in this post.
17 Mar 2016
While doing some protocol design for front-end clients with WebThemis services, we wanted to try it in real-world situations first: how easily could we deploy complicated cryptographic behavior into web apps? Turns out, quite easily. This post describes one of such web apps, designed to illustrate some zero-server-trust design patterns we're using in other developments.
14 Mar 2016
As we are still using LibreSSL as a donor for some of the cryptographic primitives, with every new architecture we have to make sure that LibreSSL compiles well. This post describes our challenges with PNaCl.