Security

11 posts in this domain.

• Why ECDSA nonce reuse leaks the private key ECDSA needs a fresh random number for every signature. Use the same one twice and anyone watching can recover the private key with two lines of algebra — which is exactly how the PS3's master key fell out. May 2, 2026 · intermediate
• Why 'harvest now, decrypt later' is driving post-quantum crypto adoption A sufficiently large quantum computer probably doesn't exist yet. Encrypted traffic from 2018 might already be sitting on a tape, waiting for one. That asymmetry — encrypt now, decrypt later — is why the migration is happening before the threat is real. May 2, 2026 · intermediate
• Why supply-chain attacks dominate the JavaScript ecosystem npm install pulls 1,200 packages from hundreds of strangers and runs their code. The frontend ecosystem is the densest, most-trusting dependency graph in software, and that density is the attack surface. May 2, 2026 · intermediate
• What is public-key cryptography? Until 1976, encrypting a message required both sides to already share a secret. Public-key crypto broke that chicken-and-egg problem and quietly became the substrate of the modern internet. Apr 30, 2026 · intro
• ASLR: why we shuffle memory before every run Attackers used to know exactly where your code lived in memory. ASLR makes them guess — and guessing wrong tends to crash the process. Apr 29, 2026 · intermediate
• Why JWTs are controversial JWTs solve a real problem — stateless auth across services — and then keep solving it past the point where the cure is worse than the disease. Here's where the seams are. Apr 29, 2026 · intermediate
• Why prompt injection isn't a bug to be patched Every other injection attack — SQL, XSS, command — has a known fix: separate code from data. Prompt injection doesn't, because for an LLM there is no separation. The vulnerability is the architecture. Apr 29, 2026 · intermediate
• Why public-key signatures are not just 'encryption in reverse' They look symmetric — encrypt with one key, decrypt with the other — but signatures and encryption answer different questions, and conflating them is how real cryptosystems get broken. Apr 29, 2026 · intermediate
• Why password hashing is deliberately slow SHA-256 is fast and that's exactly why you must not use it for passwords. Password hashes are the rare place in computing where slowness is the feature. Apr 29, 2026 · intermediate
• Why constant-time comparison is a thing An ordinary equality check leaks the secret it's supposed to protect — one byte at a time, through the clock. Constant-time comparison exists because == is faster than it should be. Apr 29, 2026 · intermediate
• Passkeys: why the password is finally being replaced Passwords are a shared secret you keep retyping into whatever site asked. Passkeys move the secret onto your device and never let it leave. Apr 29, 2026 · intro