Blog

Cossack Labs Blog

26 Oct 2016

Why making Internet safe is everyone’s responsibility

... not the security vendors, nor government or big corporations can solely fix the current state of things. It's everybody's duty and the earlier we understand it - the better.

Read more...


21 Sep 2016

Backend data security: Key management 101

Second article in series, Key Management 101 will talk about basic key management concepts, goals and methods to achieve them. 

Read more...


15 Aug 2016

Classic Backend Security Design Patterns

In the upcoming series of articles, we'll ascend from classic database security techniques to the modern technologies, including some cutting edge research data and our own experiments.

Read more...


27 Jul 2016

Zero Knowledge Protocols without magic

In this post, we talk about Zero-Knowledge Proofs, tie ZKP authentication to traditional security models and help you understand better how authentication, in general, should work. 

Read more...


20 Jul 2016

Perimeter security: avoiding disappointment, shame and despair

Lighter reading: general thoughts on how the familiar mindset of 'protect the perimeter' changed over time.

Read more...


26 May 2016

Introducing Themis 0.9.3

Themis 0.9.3 released: new wrappers for Go, NodeJS, C++, Google Chrome and much more.

Read more...


23 May 2016

Choose your Android crypto (Infographic)

This blog post features infographic on how to choose cryptographic frameworks when developing Android apps and adds a few notes about Native/Java crypto.
 

Read more...


21 Apr 2016

Building Sesto, in-browser password manager

Sesto is one of PoC tools we've developed while working on WebThemis - the cryptographically sane front-end framework for Google Chrome. Sesto enables web users to store any secrets (for example, login credentials) on the server and use them from any computer that has Google Chrome installed. 

Read more...


7 Apr 2016

Benchmarking Secure Comparator

This post summarizes our experiences of testing Secure Comparator as an authentication mechanism for HTTP.

While we were planning, designing and implementing Comparator, real infrastructure in which it has to function (letting Toughbase instances without shared trust to be able to exchange records and request personal data safely) was very far from being ready, but we wanted to understand how good it was for some practical applications. So we chose the obvious - seeing how SC could work as HTTP authentication mechanism.

Read more...


30 Mar 2016

Crypto in iOS: Choose your destiny (Infographic)

This blog post features infographic on how to choose crypto when developing iOS apps. It's always useful to put tool choice in context of causes (goals) and effects. This is what we've tried to do in this post. 

Read more...

All posts

Previous Previous