Cossack Labs
Cossack Labs
Blog
17 Mar 2016
Building secure end-to-end webchat with Themis
While doing some protocol design for front-end clients with WebThemis services, we wanted to try it in real-world situations first: how easily could we deploy complicated cryptographic behavior into web apps? Turns out, quite easily. This post describes one of such web apps, designed to illustrate some zero-server-trust design patterns we're using in other developments.
14 Mar 2016
Building LibreSSL for PNaCl
As we are still using LibreSSL as a donor for some of the cryptographic primitives, with every new architecture we have to make sure that LibreSSL compiles well. This post describes our challenges with PNaCl.
9 Mar 2016
Introducing Themis Server
Themis Server is interactive debugging environment for Themis: an easy way to try what Themis can do, debug your working code, get easy-to-test examples (specifically cooked to talk to Themis Server).
8 Mar 2016
Building and Using Themis in PNaCl
This post outlines our experience of porting typical C/C++ library (which is obviously Themis, in our case) to PNaCl module. A few challenges, a number of interesting riddles and Themis suddenly has a new home!
3 Mar 2016
What's wrong with Web Cryptography
Threats you may face when implementing cryptography within your web application JS way.
1 Mar 2016
WebThemis: proper crypto for modern Web
Introducing WebThemis: a Google Chrome library to develop secure web applications.
11 Feb 2016
Fixing Secure Comparator
After publishing Secure Comparator paper, we've received a number of concerns from the cryptographic community about possible security breach, in case, where one of the parties is intentionally falsifying the protocol. We've adressed these concerns, and, in this blog post and paper update would like to elaborate how and why.
9 Dec 2015
Introducing Secure Comparator
Secure Comparator is a novel authentication technique we're proposing the cryptographic community to evaluate. It can be used as any id/secret pair authenticator in environments, where no trust relationships exist between two parties.
26 Nov 2015
Why we need novel authentication schemes?
Current technological advancements in authenticating users seems to be sufficient for most cases. However, taking a more detailed look reveals weaknesses and tradeoffs in all existing authentication schemes. Before explaining the methodology and cryptography behind Secure Comparator, our authentication protocol, we wanted to outline reasons for developing it in a brief review of existing authentication methods.
20 Nov 2015
WeakDH/LogJam vs Secure Session
Being asked several times 'Is Secure Session prone to attacks similar to WeakDH/LogJam', we've decided to outline some principal differences, which render Secure Session really secure from these attacks.
