Themis 0.9.6 release
One release a week is good, two releases is better still. After releasing Hermes-core 0.5.1 PoC yesterday, following the good tradition of releasing on the 13th day of the month, we’re releasing Themis 0.9.6 today. The main feature of this release is adding support for OpenSSL 1.1. The rest of the update details are as follows: Docs: Significant update of the Contributing section in Wiki.
Introducing Hermes
Hermes by Cossack Labs: Cossack Labs release a proof of concept version of Hermes — a framework for cryptographically assured access control and data security. A PoC reference implementation of Hermes is Hermes-core 0.5.1, the source code and accompanying documentation of which become available on December 13, 2017. What is Hermes: Hermes is a cryptography-based method of providing protected data storage and sharing that allows enforcing cryptographically checked CRUD permissions to data blocks and doesn't let the server that's running Hermes do anything worse than DoS.
Auditable Macros in C Code
Intro: Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some, macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability. The criticism of macros is particularly acute in the wider security community. Among Cossack Labs’ engineers and the core Themis crypto library contributors there are people who previously worked on auditing cryptographic implementations of critical code.
Replacing OpenSSL with Libsodium
This article was published in 2017 about R&D work, which resulted in a stable production release of Themis. Intro: In our ongoing effort to make Themis work with different cryptographic backends, we've decided to try something more challenging than just displacing similar primitives. This time we decided to make Themis work on Daniel J. Bernstein’s cryptography, as it is introduced in NaCl. What if one day it turns out that Daniel Bernstein’s assumptions about the rest of the world are correct, and everybody else is a lunatic?
Themis 0.9.5 release
Strategic planning, respect for traditions, and a consultation with our in-house astrologer led to an imminent release of Themis 0.9.5 on Wednesday 13, the 256th day of the year a.k.a. the International Developer’s Day. The update focuses on crystallizing conveniences, niceties and compatibility fixes that have been around for some time now. Here is the list of improvements: Infrastructure: You can now download pre-built Themis packages from our package server.
Replacing OpenSSL with BoringSSL in a Complex Multi-Platform Layout
This article was published in 2017 about R&D work, which resulted in a stable production release of Themis that uses BoringSSL as one of the crypto-engines. If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of BoringSSL. No need to struggle with BoringSSL if your goal is to protect users’ data. Intro: In Themis, we use industry-recognized implementations of cryptographic algorithms that come from OpenSSL/LibreSSL packages.
Presenting Acra
Introducing Acra: If you are concerned about data security, this means confronting a threat landscape that requires vigilance and defence against a wide range of attacks. One of the prime targets for attack continues to be sensitive data that is stored in backend database storage. From simple discovery of unsecured databases, through classic SQL injection techniques, to compromised infrastructure that allows wholesale copying of database content, attacks focus on data assets with increasing precision.
Importing with ctypes in Python: fighting overflows
Introduction: On some cold winter night, we decided to refactor a few examples and tests for the Python wrapper in Themis, because things have to be not only efficient and useful, but elegant as well. One thing after another, and we ended up revamping Themis error codes a bit. Internal error and status flags sometimes get less attention than crypto-related code: they are internals for internal use. The problem is, when they fail, they might break something more crucial in a completely invisible way.
Plugging leaks in Go memory management
Intro: As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, and we further use it to build other products. Not being extremely fancy, Go is practical and efficient and is a way to get things done in a reasonable timeframe. Sometimes, even in the age of modern, garbage-collected languages, with their own great profiling tools and well-thought-out memory management style, you'll still have to dust off good old valgrind to understand what's going on.
2016 at Cossack Labs
Bright and full of new things, the year 2016 insensibly came to an end. Writing good software is hard: absorbed in developing our main products and having closed a testing round of Acra (all hail the brave who dedicated an immense amount of time to giving us feedback), we’ve spent most of the year undercover. Now that we’ve shown the first cues to the open public, revelatory moments are closer than ever. This year we’ve put a lot of effort into helping Themis users understand how to better use Themis and how to build stronger apps: