development

Cossack Labs Blog

21 Sep 2017

Replacing OpenSSL with Libsodium

The second article in a series of three that covers our experiments with different sources of crypto primitives for Themis. This time we tested its multi-platform capabilities with Libsodium.

Read more...


6 Mar 2017

Importing with ctypes in Python: fighting overflows

Best cases of boring technical debt are understood when reflected properly. This post addresses a simple one: inelegant flags in core C library ended up breaking Python tests. This is no small case to us: tests breaking sometimes might end up in things seeming to work, but not really working. Not something you can afford yourself when you're doing cryptography, do you?

Read more...


28 Feb 2017

Plugging leaks in Go memory management

Investigating memory leaks can be fun, sometimes. Sometimes it might even teach you a few lessons in how the language you know and like actually works.

Read more...


23 May 2016

Choose your Android crypto (Infographic)

This blog post features infographic on how to choose cryptographic frameworks when developing Android apps and adds a few notes about Native/Java crypto.
 

Read more...


7 Apr 2016

Benchmarking Secure Comparator

This post summarizes our experiences of testing Secure Comparator as an authentication mechanism for HTTP.

While we were planning, designing and implementing Comparator, real infrastructure in which it has to function (letting Toughbase instances without shared trust to be able to exchange records and request personal data safely) was very far from being ready, but we wanted to understand how good it was for some practical applications. So we chose the obvious - seeing how SC could work as HTTP authentication mechanism.

Read more...


30 Mar 2016

Crypto in iOS: Choose your destiny (Infographic)

This blog post features infographic on how to choose crypto when developing iOS apps. It's always useful to put tool choice in context of causes (goals) and effects. This is what we've tried to do in this post. 

Read more...


17 Mar 2016

Building secure end-to-end webchat with Themis

While doing some protocol design for front-end clients with WebThemis services, we wanted to try it in real-world situations first: how easily could we deploy complicated cryptographic behavior into web apps? Turns out, quite easily. This post describes one of such web apps, designed to illustrate some zero-server-trust design patterns we're using in other developments. 

Read more...


1 Oct 2015

Building encrypted chat service with Themis and mobile websocket example

This tutorial shows simple ways of integrating cryptographic services presented by Themis cryptographic library into your already existing multi-platform application.

Read more...

All posts

Previous Previous