Zero Knowledge
-
April 29, 2019
The Rise of DNS over HTTPS
Online security and privacy got a pretty big boost with the rise of HTTPS, which can be attributed to companies like Let’s Encrypt, but also to security researchers like Scott Helme. This means that most of your traffic and online communication is now encrypted and can’t be read by other people. You might wonder if this is such a big issue, and the answer is simply yes, it is. This is due to how the internet is built: all your traffic passes through a few other computers (or servers) before it reaches its destination. The most important in-between hop is probably your internet service provider (ISP).
-
March 13, 2019
My Take on the Swiss E-voting System
While wild discussions about the cryptography that has to protect the Swiss elections in the future broke loose on Twitter, I was looking at the code. I don’t know where to start; I don’t know how to review it. Nevertheless, I have been here before: it’s that first time you get into a large enterprise Java project. It is haunting, it is scary. But step by step I surf through the code and try to find the beginning and the end (after IntelliJ has indexed the whole project, of course). The code is not easy to read, and during previous projects I had someone who was familiar with the code whom I could ask questions, but this time I was all alone in this code. You quickly lose yourself in time.
-
October 12, 2017
Apache Camel's Not-So-Secure Crypto
One of our developers struggled trying to use Apache Camel’s crypto library. As expected of a good developer, he was worried about the security of the software he was writing. He figured out that some things are wrong with the way the library is doing encryption. Therefore, I took a look at the library myself, and figured they are making quite a few cryptographic mistakes that diminish the security of the encrypted text.
-
October 10, 2017
Yet Another Crypto/Infosec Blog
Welcome, dear reader. This is yet another blog about cryptography and information security. Is this really necessary, you’re asking yourself. Well, I think it is. Given the recent increase of cyberattacks and concern about information security in general, in combination with the shortage of good infosec people, and last but not least, the lack of security knowledge among many developers, every information source might be valuable. I hope this blog can help to shed light on some topics in information security and can help developers to write more secure code. Nevertheless, some posts might get very theoretical on cryptography, just because I can’t help it.