Easter Hack: Even More Critical Bugs in SSL/TLS Implementations

It’s been some time since my last blog post – time for writing is rare. But today, I’m very happy…

Read More »

How to use ECC with OpenJDK

Everyone who ever tried to use Elliptic Curve Cryptography (ECC) in Java with an OpenJDK was either forced to use…

Read More »

Safely Create and Store Passwords

Nearly every time when it comes to user profiles it is necessary to manage user credentials and thus be able…

Read More »

Browser-based Key Generation and interaction with the Browser’s Key/Certificate Store

Imagine the following scenario: You need to get a key (in the asymmetric case the user’s public key) from a…

Read More »

Weaknesses in Java Pseudo Random Number Generators (PRNGs)

This will be a sum up of a Paper written by Kai Michaelis, Jörg Schwenk and me, which was  presented…

Read More »

A brief chronology of SSL/TLS attacks

I haven’t had a substantial post for quite a long time, so it’s time for something useful and interesting. Although…

Read More »

Hash Length Extension Attacks

In this post I will try to leave the summer slump behind and focus on more interesting things than complaining…

Read More »

How to deal with {conservative, intractable, annoying} APIs

Have you ever been fighting with an, at least for your current purpose, inflexible API? I picked up one of…

Read More »

Using the final keyword on method parameters

After some own confusion which specific meaning final declared method parameters have this blog entry will try to clarify this.…

Read More »