Introducing Secure Comparator
A word to pass Passwords are the ultimate keepers of security, extensively used in the 21st century's Internet. As more and more aspects of our lives become accessible online, the importance of keeping your passwords secure becomes crucial, because anybody knowing the password may access your accounts. However, when you input password to access your account, it uses thousands of intermediate links to deliver the data, meaning that your secret password can be compromised at any moment.
Why we need novel authentication schemes?
Introduction: A Word To Pass Before introducing our novel request authentication scheme in Themis, we’ve decided to create an overview of the existing methods of authentication and try to look into what the future might bring us. Passwords are ultimate keepers of diversity and security. Since Ancient Roman times until now, they are used for one to prove being worthy to get some privilege others do not possess, however strongly desire to obtain.
WeakDH/LogJam vs Secure Session
Intro After LogJam vulnerability was published, and then the WeakDH paper (Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice) was published, we were asked a few times: since Secure Session uses Diffie-Hellman key negotiation, is prone to the same attacks? We wrote this small note to explain why we are safe from such attacks, and how generally decisions about such important security features are being done for the open source Themis crypto library.
Armoring ed25519 to meet extended security challenges
This article was revisited and updated in October 2018. Introduction We strive to use the best state-of-the-art cryptography for our library Themis. So when we wanted to implement an important novel feature Secure Comparator (that includes the so-called "Socialist Millionaire Protocol"), we needed to replace the prime-field modular arithmetic with something stronger. The obvious choice for such replacement was the ed25519 signature system: it provides even more protection from side-channel analysis than conventional (NIST-driven) ECC,
Introducing Themis 0.9.2
For the release 0.9.2 of Themis, we did a lot of minor and a few major changes: Infrastructure: Much better documentation. Updated documentation reveals Themis Server, helpful associate for Themis library: a server where you can see current project status and try out different encryption techniques in your app with server as second party. Official tutorial will follow up soon. All platforms and languages are fully covered in tests now
Why you should avoid SSL for your next application
Introduction 2018 update: This article was 4 years old, and even then presented disputable opinion. Many things have changed since then, we're having TLS 1.3, which eliminates a number of cryptographic concerns and enforces correct uses. Still, many challenges stand unaddressed. We've remixed the article to keep relevant problems, and outline solutions to those solved, along with a few thoughts on what and when you can use instead. Everyday software developers trust SSL / TLS encryption to protect their communications without considering whether or not this is the right thing to do.
Building encrypted chat service with Themis and mobile websocket example
Introduction Imagine you'd like to build your own chat server, which allows clients to exchange messages safely. You have a simple infrastructure consisting of a server written in Ruby and clients for iOS and Android. This is exactly what the famous Mobile websocket example provides. We have modified it to illustrate how simple it is to add security features using Themis. In this tutorial, we'll try to preserve as much of it's simplicity and architecture as possible, but add cryptographic protection.
Notes on adding cutting edge features
As we've stated in the past, the Themis library grew out of our own needs for a secure, efficient and convenient cryptographic library. While providing abstracted high-level services, Themis uses trusted, well established implementations of cryptographic primitives such as those provided by LibreSSL/OpenSSL or platform native cryptography providers. With the upcoming v0.9.2 release of the Themis library, we will be announcing a new set of features called "Secure Comparator". As distinct from the current set of Themis functions, Secure Comparator not only uses existing implementations of cryptographic math but also our own in house developments - as we could find no suitable public implementations for some of operations with ECC curve ed25519.
Releasing Themis into public: usability testing
How we did usability testing for Themis when releasing the open source library into public. When we were ready to release Themis, we've gathered a few colleagues and decided to make a test run on unsuspecting developers - how would the library blend into their workflows? 1. Introduction While usability testing for user-centric applications has it's own distinct techniques, standards and frameworks, this is not so typical for a relatively complex and technical library aimed at developers and spanning multiple languages and platforms.
We are proud to present Themis, a novel cryptographic services library. Every good work of software starts by scratching a developer's personal itch. (The Cathedral and the Bazaar) What is Themis? Themis is a high-level cryptographic services library: a library that provides easy to use, highly abstracted set of functions for solving real-world security problems. We would like you to focus on building your software with security taken care of by professionals, instead of scrupulously assembling the building blocks of cryptosystems, resolving implementations, platform availability, vulnerabilities, and performance constraints yourself.