How "expensive" is crypto anyway?
December 28, 2017 6:22PM
I wouldn’t be surprised if the title of this post attracts some Bitcoin aficionados, but if you are such, I want to disappoint you. For me crypto means cryptography, not cybermoney, and the price we pay for it is measured in CPU cycles, not USD....
Continue reading »
AES-CBC is going the way of the dodo
April 21, 2017 5:44PM
A little over a year ago, Nick Sullivan talked about the beginning of the end for AES-CBC cipher suites, following a plethora of attacks on this cipher mode....
Introducing TLS 1.3
September 20, 2016 2:04PM
The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car....
Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision
December 22, 2015 4:43PM
It’s well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values that result in the same value when SHA-1 is applied) is inevitable and likely to happen....
Contributing back to the security community
April 21, 2015 11:14PM
This Friday at the RSA Conference in San Francisco, along with Marc Rogers, Principal Security Researcher at CloudFlare, I'm speaking about a version of The Grugq's PORTAL, an open source network security device designed to make life easier and safer....
March 17, 2014 10:37AM
How to ensure your server's software stays secure?
At CloudFlare, security is on the top of our minds. We are always looking for ways to better secure the data we are entrusted with and improve the security of our customers' websites....