End-to-end
Introduction
My collection of articles, books, libraries and videos useful to grasp more about cryptography.
- Noble by Paul Miller
  https://github.com/paulmillr/noble-hashes
  My go-to libraries for using cryptography in JavaScript. Even Frank Denis, the author of libsodium, mentioned he thinks this one should be used over his own libsodium-wrappers.
  Library, JavaScript, Post-Quantum
- PQC Signatures by David Adrian
  https://dadrian.io/blog/posts/pqc-signatures-2024/
  Critical review of PQC Signatures
  Article, Signatures, Post-Quantum
- A Graduate Course in Applied Cryptography by Dan Boneh, Victor Shoup
  https://toc.cryptobook.us/
  Only read parts of it, but these were really helpful
  Book
- End-to-End Encrypted Cloud Storage in the Wild by Jonas Hofmann, Kien Tuong Truong
  https://brokencloudstorage.info/
  Paper, File storage
- Opaque by Nik Graf, Stefan Oestreicher
  http://opaque-auth.com/
  WebAssembly-based TypeScript bindings of opaque-ke
  Library, JavaScript, OPAQUE
- OPAQUE is NOT Magic by Steve “Sc00bz” Thomas
  https://tobtu.com/files/cryptovillage2022.pdf
  Slides from the 2022 CryptoVillage Talk covering a great PAKEs overview and explaining OPAQUE
  Slides, PAKE, OPAQUE
- The Power of OPRFs by Stef
  https://www.youtube.com/watch?v=6-8EVxFGh9M
  Deep dive explaining OPRFs including Threshold OPRFs
  Talk
- XAES-256-GCM by Filippo Valsorda
  https://words.filippo.io/dispatches/xaes-256-gcm/
  AES with random nonce and FIPS 140 compliance
  Article, AES
- API Tokens: A Tedious Survey by Thomas Ptacek
  https://fly.io/blog/api-tokens-a-tedious-survey/
  Great overview of various authentication methods
  Authentication, Token
- The Cryptopals Crypto Challenges by Sean Devlin, Thomas Ptacek, Alex Balducci, Marcin Wielgoszewski
  https://cryptopals.com/
  Challenges
- It’s 255:19AM. Do you know what your validation criteria are? by Henry de Valence
  https://hdevalence.ca/blog/2020-10-04-its-25519am
  Highlights inconsistencies with Ed25519 signature validation and introduces ZIP215, a set of rules defining precise validation criteria.
  Article, Signatures, Ed25519
- Cryptanalysis by Hosein Hadipour
  https://github.com/hadipourh/course-cryptanalysis
  Course and resources on cryptographic attacks and how to apply this knowledge to design secure cryptographic primitives
  Course, Cryptanalysis
- Passkeys: A Shattered Dream by William Brown
  https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
  Maintainer of webauthn-rs highlighting some of the issues with passkeys
  Article, Passkey, Authentication
- How Hype Will Turn Your Security Key Into Junk by William Brown
  https://fy.blackhats.net.au/blog/2023-02-02-how-hype-will-turn-your-security-key-into-junk/
  Maintainer of webauthn-rs explaining Resident Key and how it's an issue for physical security keys
  Article, Passkey, Authentication