Apr 16, 2019
Acra on DigitalOcean Marketplace
We always strive to make high-end security tools available to general developer audience in a convenient fashion. Only by making data security accessible, we can ensure real security of sensitive data everywhere. As another step towards our mission, we are proud to announce that Acra encryption suite is now available as 1-Click App running in a Droplet on DigitalOcean Marketplace . DigitalOcean is known for its caring attitude towards development teams of any size.
Apr 4, 2019
Building Defence in Depth for Your Data Using Acra
Intro Any set of security controls deployed in your infrastructure may fail. Given enough pressure, some controls will certainly fail. No surprises here, but the question is – how to build our systems to make security incidents less damaging in case of a failure of some components? How to prevent data leaks even in case of a successful data breach? Building security tools , we strive towards defense in depth approach.
Oct 26, 2016
Why making Internet safe is everyone’s responsibility
Responsibility is yours, mine, and that developer's in the office nearby. Open any tech news aggregator and chances are, one-third of all news will be security-related. What we are seeing right now is insane raise of awareness to cyber security, dictated by security threats suddenly turning looming on the horizon to dangerously close to anybody on the Internet. It is not your typical buzzword market fad, where everyone suddenly gets interested in next exciting topic in the development of modern tech, looking for ‘wild opportunities’.
Apr 21, 2016
Building Sesto, in-browser password manager
Intro: what is Sesto Sesto (abbreviation for Secret Store) is open source passwords (and general secrets) manager for web. What sets Sesto apart from many other password managers is: it's web password manager, e.g. you don't need local client to run it, only have compatible browser (Google Chrome with PNaCl modules enabled), the application is downloaded from Sesto server. for a clientless web password manager, it's strong security model: most web password managers are built either on JS crypto (which is bad), or rely on simply protecting your data via SSL and with some arbitrary keys on server side.
Mar 17, 2016
Building secure end-to-end webchat with Themis
Intro While developing components of our products, we love to explore use cases and usability through creating real-world test stands. 0fc is a side-product of WebThemis research: while doing some protocol design for front-end clients with WebThemis services, we wanted to try it in a real-world situation. We've set ourselves a novel idea: end-to-end encrypted webchat, inclined towards client anonymity, giving zero trust to the server, built only with typical Themis primitives.
Mar 8, 2016
Building and Using Themis in PNaCl
Intro Native Client (NaCl) allows browser applications to launch a native low-level code in an isolated environment. Thanks to this, some code, performance code parts can be rewritten in C or C++ easily. Until recent time, NaCl could work on x86-compatible systems only, yet supporting ARM platform becomes very important, because a huge variety of devices (especially the newest Chrome OS laptops), are built on ARM architecture. All you need to compile the code for ARM is located in the latest Native Client SDK.
Mar 3, 2016
What's wrong with Web Cryptography
Introduction Building full stack of cryptographic protection for modern applications includes working with the modern web browser, of course. However, through 20+ years of history of web browsers, we're at the stage where in-browser cryptography is still problematic, and best you can rely on is SSL. Which only protects data transport between you and server, leaving you hoping that you're good enough to go. Which is not always the case.
Mar 1, 2016
WebThemis: proper crypto for modern Web
What is WebThemis WebThemis enables web app developers to build browser applications with strong cryptographic services, provided by Themis cryptographic library. Currently, WebThemis works in Google Chrome as PNaCl module; it can be loaded during a regular web session, or used as a library within Chrome App. WebThemis provides main Themis cryptographic services: Secure Cell: a multi-mode cryptographic container, suitable for storing anything from encrypted files to database records and format-preserved strings.
Nov 26, 2015
Why we need novel authentication schemes?
Introduction: A Word To Pass Before introducing our novel request authentication scheme in Themis, we’ve decided to create an overview of the existing methods of authentication and try to look into what the future might bring us. Passwords are ultimate keepers of diversity and security. Since Ancient Roman times until now, they are used for one to prove being worthy to get some privilege others do not possess, however strongly desire to obtain.
Nov 20, 2015
WeakDH/LogJam vs Secure Session
Intro After LogJam vulnerability was published, and then the WeakDH paper (Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice) was published, we were asked a few times: since Secure Session uses Diffie-Hellman key negotiation, is prone to the same attacks? We wrote this small note to explain why we are safe from such attacks, and how generally decisions about such important security features are being done for the open source Themis crypto library.
Oct 28, 2015
Why you should avoid SSL for your next application
Introduction 2018 update: This article was 4 years old, and even then presented disputable opinion. Many things have changed since then, we're having TLS 1.3, which eliminates a number of cryptographic concerns and enforces correct uses. Still, many challenges stand unaddressed. We've remixed the article to keep relevant problems, and outline solutions to those solved, along with a few thoughts on what and when you can use instead. Everyday software developers trust SSL / TLS encryption to protect their communications without considering whether or not this is the right thing to do.
Oct 1, 2015