Posts tagged "cryptography"
10 posts tagged with cryptography.
Modern password hashing has three serious contenders. We compare Argon2, bcrypt, and scrypt on memory hardness, GPU resistance, ecosystem support, and OWASP's current recommendation.
Bcrypt is the password-hashing standard most modern apps still rely on. Here's how the Blowfish-based KDF works, why the cost factor matters, and how to pick a value that ages well as hardware speeds up.
PGP (and OpenPGP) has secured email and files since 1991. We explain key pairs, the web of trust, signing vs encrypting, and where PGP still makes sense in 2026.
Those six-digit codes from Google Authenticator, Authy, and 1Password are not magic. They're HMAC over a clock. Here's the precise algorithm, the security model, and why drift handling matters.
A PDF digital signature is not a scanned image of your handwriting — it is a cryptographic proof tied to a certificate. Here is what it actually verifies and what it does not.
Every HTTPS connection starts with a TLS handshake — a sub-second ceremony that establishes identity and agrees on encryption keys. Here is the full sequence in plain English.
The magic behind HTTPS, SSH, and PGP encryption is public key cryptography — a system where you can encrypt a message that only the intended recipient can decrypt. Here is how it works.
MD5 and bcrypt are both called hashing algorithms, but they serve completely different purposes. This guide explains what makes a hash function suitable for checksums versus password storage.
Treating Base64 as encryption and treating MD5 as a secure hash are among the most common security mistakes developers make. This post draws a clear line between encoding, encryption, and hashing.
Math.random() and /dev/urandom look similar but are fundamentally different. The first is suitable for games, the second for cryptography. Understanding why that distinction matters prevents serious security mistakes.