Posts About security

“Salting and Stretching” is just one section of Chapter 21 of Cryptography Engineering, but it’s applicable to web applications, so I thought I’d summarize it here. Salting and stretching are two techniques for storing secrets. They should always be used, for example when storing passwords in a database.

Salting

A salt is just a random […]

I’m in the middle of reading the book Cryptography Engineering. It’s essential reading for anyone writing software that includes encryption, and the 2nd edition that came out last year (2010) revises it for classroom use and self-study, while keeping it easy to read. Part I introduces the mindset of cryptography (weakest link, professional paranoia, etc.) […]