BGP leaks and cryptocurrencies
April 24, 2018 10:31 PM
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak....
A Solution to Compression Oracles on the Web
March 27, 2018 12:00 PM
Compression is often considered an essential tool when reducing the bandwidth usage of internet services. The impact that the use of such compression schemes can have on security, however, has often been overlooked. ...
Introducing Certificate Transparency and Nimbus
March 23, 2018 2:45 PM
Certificate Transparency (CT) is an ambitious project to help improve security online by bringing accountability to the system that protects HTTPS. ...
How "expensive" is crypto anyway?
December 28, 2017 6:22 PM
I wouldn’t be surprised if the title of this post attracts some Bitcoin aficionados, but if you are such, I want to disappoint you. For me crypto means cryptography, not cybermoney, and the price we pay for it is measured in CPU cycles, not USD....
Why TLS 1.3 isn't in browsers yet
December 26, 2017 8:30 PM
Upgrading a security protocol in an ecosystem as complex as the Internet is difficult. You need to update clients and servers and make sure everything in between continues to work correctly. The Internet is in the middle of such an upgrade right now. ...
MORE POSTS
December 24, 2017 4:57 PM
TLS 1.3 is going to save us all, and other reasons why IoT is still insecure
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network gets attacked constantly....
- By
November 10, 2017 11:06 AM
On the dangers of Intel's frequency scaling
While I was writing the post comparing the new Qualcomm server chip, Centriq, to our current stock of Intel Skylake-based Xeons, I noticed a disturbing phenomena....
- By
November 09, 2017 4:05 PM
Privacy Pass - “The Math”
During a recent internship at Cloudflare, I had the chance to help integrate support for improving the accessibility of websites that are protected by the Cloudflare edge network. ...
- By
November 09, 2017 4:00 PM
Cloudflare supports Privacy Pass
Cloudflare supports Privacy Pass, a recently-announced privacy-preserving protocol developed in collaboration with researchers from Royal Holloway and the University of Waterloo. ...
- By
November 08, 2017 8:03 PM
ARM Takes Wing: Qualcomm vs. Intel CPU comparison
One of the nicer perks I have here at Cloudflare is access to the latest hardware, long before it even reaches the market. Until recently I mostly played with Intel hardware. ...
- By
November 06, 2017 6:07 AM
LavaRand in Production: The Nitty-Gritty Technical Details
As some of you may know, there's a wall of lava lamps in the lobby of our San Francisco office that we use for cryptography. In this post, we’re going to explore how that works in technical detail. ...
- By
November 06, 2017 5:54 AM
Randomness 101: LavaRand in Production
As some of you may know, there's a wall of lava lamps in the lobby of our San Francisco office that we use for cryptography. In this post, we’re going to explore how that works. ...
- By
October 20, 2017 4:23 PM
Performing & Preventing SSL Stripping: A Plain-English Primer
Over the past few days we learned about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks....
- By
September 26, 2017 1:00 PM
Geo Key Manager: How It Works
Today we announced Geo Key Manager, a feature that gives customers control over where their private keys are stored with Cloudflare. This builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism....
- By
September 12, 2017 4:29 PM
Understanding the prevalence of web traffic interception
This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS 2017 authored by several researchers including the author of this post and Nick Sullivan of Cloudflare. ...
- By
September 01, 2017 8:48 PM
SIDH in Go for quantum-resistant TLS 1.3
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations require, and choosing cryptographic parameters based on our best estimates....
- By
July 10, 2017 12:43 PM
High-reliability OCSP stapling and why it matters
At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliability OCSP stapling....
- By
July 06, 2017 1:35 PM
How to make your site HTTPS-only
The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services....
- By
March 15, 2017 2:00 PM
Introducing Zero Round Trip Time Resumption (0-RTT)
Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has been working on a new version of TLS, the protocol that powers the secure web....
- By