Cossack Labs
Cossack Labs
Blog
11 Feb 2016
Fixing Secure Comparator
After publishing Secure Comparator paper, we've received a number of concerns from the cryptographic community about possible security breach, in case, where one of the parties is intentionally falsifying the protocol. We've adressed these concerns, and, in this blog post and paper update would like to elaborate how and why.
9 Dec 2015
Introducing Secure Comparator
Secure Comparator is a novel authentication technique we're proposing the cryptographic community to evaluate. It can be used as any id/secret pair authenticator in environments, where no trust relationships exist between two parties.
26 Nov 2015
Why we need novel authentication schemes?
Current technological advancements in authenticating users seems to be sufficient for most cases. However, taking a more detailed look reveals weaknesses and tradeoffs in all existing authentication schemes. Before explaining the methodology and cryptography behind Secure Comparator, our authentication protocol, we wanted to outline reasons for developing it in a brief review of existing authentication methods.
20 Nov 2015
WeakDH/LogJam vs Secure Session
Being asked several times 'Is Secure Session prone to attacks similar to WeakDH/LogJam', we've decided to outline some principal differences, which render Secure Session really secure from these attacks.
18 Nov 2015
Armoring ed25519 to meet extended security challenges
When developing new, advanced features of Themis library, we had to extend some of the ECC cryptography available in open source with our own implementation to provide simple point multiplication with random (unknown in advance) point. To achieve that, we've extended Daniel J. Bernstein's implementation of ed25519 with our own math and code. This blog post outlines our direction of thinking.
4 Nov 2015
Introducing Themis 0.9.2
Introducing updated and polished Themis, release 0.9.2.
28 Oct 2015
Why you should avoid SSL for your next application
TL;DR: SSL is huge, inefficient, complex and may present plenty of security threats. For most platforms, it's the best we've got. For some, where it can be configured properly - it's lifesaver. For many - it's the illusion of security. Let's see what applies to your application.
1 Oct 2015
Building encrypted chat service with Themis and mobile websocket example
This tutorial shows simple ways of integrating cryptographic services presented by Themis cryptographic library into your already existing multi-platform application.
22 Sep 2015
Notes on adding cutting edge features
Some important notes on intruducing experimental, bleeding edge features to Themis, changes in Themis build system in the regard of these features, and a tease of new things to come.
3 Jun 2015
Releasing Themis into public: usability testing
How we did usability testing for Themis when releasing the open source library into public.
Being ready to release Themis, we've gathered a few colleagues and decided to make a test run on unsuspecting developers - how would the library blend into their workflows?
