Encryption Core Concepts: Adding Crypto to your System

Are you developing an application that you think would benefit from encryption? Do you know it will save money in a data breach, but don’t know where to go from there? Encryption core concepts are not rocket science, but they rely on complex math and software life-cycle issues that make encryption challenging in practice. Read on to understand more about …

Strong Attackers: Planning for the Adversary

Organizations have spent a lot of time, effort, and money securing their perimeter and transport layers. This is a necessary first step, but it is insufficient: more needs to be done for data to be really secure from a strong attacker. The problem with an overreliance on perimeter and transport security is that organizations often make compromises on cryptography. These …

Encryption for Developers: A Guide to Add Security to your Code

As a developer, you’ve decided to encrypt your data, either because it’s a requirement that’s come down from management and customers, or just because it’s the right thing to do. If you’re like many developers, you’ve done some preliminary research into the encryption tools available for your language or platform and realized that the APIs are vague, the terminology is …

Key Management Should Be Designed First Not Last

Many good conversations about cryptography have ended badly after someone asks this: “How are you managing your keys?” Bad key management undermines even the best cryptography. Why? Because if the bad guy gets the key and the encrypted data, they get the unencrypted data. It’s as simple as that. There are three important things to consider in good key management: …

Why Encrypt Data in an Application? Save money in a data breach

Why encrypt data? Believe it or not, this is one of the most common questions we get in our work. Read on for why encryption saves money and lets you launch your product with confidence. This article is part of our Security Guide series – Encryption for Developers. Read more in that series of in-depth technical articles on getting encryption …

Encryption is Hard for Developers to Get Right

We’ve all heard the admonition, “Don’t roll your own encryption!” That’s because it’s hard to get encryption right. Let’s take a moment to examine what that means exactly. Probably very few of us would set out to code a replacement for AES or ECC, except maybe for fun. We leave that to the professionals. But as developers, we often use …

End-to-end encryption – Why HTTPS is not enough

Apple has gotten a lot of kudos in the security community lately about their approach to end-to-end encryption. WhatsApp and Signal have gotten headlines in years past. Tozny offers end-to-end encryption toolkits for developers, and we often get asked why you should end-to-end encrypt data when HTTPS is pretty secure. This article is part of our Security Guide series – …