
Well, the fastest hash might just take the first eight bytes of our data as the hash. But that is likely to create lots of collisions wherever the first eight bytes are the same, such as “Edinburgh123” and “Edinburgh99” (both begin “Edinburg”). A stronger method is to sample bytes from a few fixed positions in the data, and mix these into a 64-bit hash. The complexity is then O(1), as it doesn’t matter how much data we have: we only read bytes at certain locations, so the cost does not grow with the input. The price is that a change to any byte that is never sampled leaves the hash unchanged, so this is a hash for tables and fast lookups, not an integrity check.

One method of sampling bytes is the o1hash, which was created by Wang Yi. Overall it is a quick-and-dirty approach and…
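As an added illustration of the sampling idea (this is example code written for this page, not the author's code and not Wang Yi's o1hash), here is a toy O(1) hash that reads 8 bytes from the start, middle and end of the input and mixes them with the length, beside the naive first-8-bytes hash. The multiplier constants, the window positions and the function names are assumptions chosen for the example; `unsampled_positions` lists the bytes such a hash never reads, which is exactly where its collisions live.

```python
# Added example (not the author's code and not Wang Yi's o1hash): a toy
# O(1) sampling hash that reads 8 bytes from the start, middle and end of
# the input and mixes them with the length, beside the naive first-8-bytes
# hash, and a helper that lists the byte positions such a hash never reads.

MASK64 = (1 << 64) - 1
GOLDEN = 0x9E3779B97F4A7C15   # odd 64-bit multipliers; assumption: chosen for mixing only
MIX2 = 0xBF58476D1CE4E5B9


def first8_hash(data: bytes) -> int:
    """Naive O(1) hash: the first eight bytes, zero-padded, as a little-endian integer."""
    return int.from_bytes(data[:8].ljust(8, b"\0"), "little")


def _read64(data: bytes, offset: int) -> int:
    return int.from_bytes(data[offset:offset + 8], "little")


def sample_offsets(n: int) -> tuple:
    """Offsets of the three 8-byte windows read for an n-byte input (n >= 8)."""
    return (0, (n >> 1) - 4, n - 8)


def sampled_hash(data: bytes) -> int:
    """Toy sampling hash: a 64-bit value from three 8-byte windows plus the length."""
    n = len(data)
    if n < 8:
        # Too short for three windows: fold whatever is there with the length.
        return ((int.from_bytes(data.ljust(8, b"\0"), "little") ^ n) * GOLDEN) & MASK64
    first, mid, last = (_read64(data, off) for off in sample_offsets(n))
    h = ((first ^ n) * GOLDEN) & MASK64
    h ^= mid ^ (h >> 29)
    h = (h * MIX2) & MASK64
    h ^= last ^ (h >> 32)
    return h


def unsampled_positions(n: int) -> set:
    """Byte positions of an n-byte input that sampled_hash never reads.
    Flipping any of these leaves the hash unchanged, which is why an O(1)
    hash is fine for a hash table but useless as an integrity check."""
    if n < 8:
        return set()
    read = set()
    for off in sample_offsets(n):
        read.update(range(off, off + 8))
    return set(range(n)) - read


if __name__ == "__main__":
    a, b = b"Edinburgh123", b"Edinburgh99"
    print("first8 hashes collide:", first8_hash(a) == first8_hash(b))
    print("sampled hashes collide:", sampled_hash(a) == sampled_hash(b))
    print("bytes never read for a 32-byte input:", sorted(unsampled_positions(32)))
```

For a 32-byte input the middle window starts at byte 12 and the last at byte 24, so bytes 8 to 11 and 20 to 23 are never read: any edit confined to those positions produces the same hash, which is the trade-off the passage describes.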


In cryptography, sometimes you need to be fast. If you have gigabytes of data, you need to process it efficiently, and sometimes with less regard for the overall security.

Unfortunately, most of our cryptography methods are focused on security and reasonable efficiency, rather than on being as fast as possible. But when you need gigahashes per second, you need to find ways to make full use of the hardware. And so we turn to a hash created by Molly Rocket [here], named after a character known as Meow the Infinite [here]. …


Our existing methods of key exchange and public key encryption are not secure in an era of quantum computers. Why? Because the hard problems they are based on stop being hard once a quantum computer is available. For RSA, we create a public modulus (N), which is the product of two prime numbers (P and Q). …


There are not many large IT companies that I fully respect for their approach to cybersecurity, but Cloudflare is an exception. They are a great company that is driven by technical people who have strong beliefs around privacy and improving the Web. I especially love their approach to improving cryptography, and they lead in quite a few areas.

And so, after trying to defend against bots and malicious activity on my site, I flipped the switch and moved my front-end security and content delivery to Cloudflare. With just the free service, it works like a dream, and…


And then there were three: CRYSTALS-Dilithium, Falcon and Rainbow. These are the finalists for the NIST Post Quantum Cryptography (PQC) standard for digital signatures. Basically, they will replace RSA and ECC in an era of quantum computers, and provide the core of trust on the Internet. Dilithium and Falcon are lattice methods, and Rainbow uses multivariate quadratic polynomials. So while the lattice methods look like the winner because of their speed of computation and key size, there is also a competition for an alternative winner built on a different hard problem.

The three alternative finalists are SPHINCS+, GeMSS and Picnic. With SPHINCS+ we use hashes to…


At the core of cybersecurity is CIA (Confidentiality, Integrity and Availability). For confidentiality and integrity we normally turn to cryptographic methods to make sure that our data is protected, and so that we can test its integrity (that our protected data has not been changed). There are many existing ways of covering cryptography, but these often require a range of software libraries. Along with this, there’s the cumbersome OpenSSL library, which can be difficult to integrate and install. But there’s one library that aims to bring together all of the main methods into a single library: the Python cryptography library…


We have often innovated with our teaching, and created our own Cloud infrastructure over a decade ago (vSoC). This allowed us to teach our remote and campus-based students in the same way. In fact, it has been so successful that we are building a new and better infrastructure: vSoC 2. Now we aim to build new on-line infrastructure, and the Jupyter notebook approach looks to be a winner in providing a safe environment for students to learn key principles while integrating Python code. …



Alice creates a secret message and ciphers it with her secret key, and then sends this to Bob. He also has the secret key, and so he decrypts it and reveals the secret message. It says “You can take tomorrow as a holiday”. Bob is happy and takes the holiday. Eve, though, has been listening to their communications, and, the next day, resends the ciphered message, even though she cannot read it. Bob takes the next day off, and Alice wonders why he is not at work. Eve has thus performed a replay attack on Alice’s ciphered message: encryption gives confidentiality, but on its own says nothing about whether a message is fresh. …
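To make the attack and its fix concrete, here is an added example (written for this page, not the author's code) of a small encrypt-then-MAC message format with a per-message counter. A naive receiver that only checks the tag and decrypts accepts Eve's resent message a second time; a receiver that also requires the counter to be strictly greater than the last one it accepted rejects it. The stream cipher is built from HMAC-SHA256 so the example runs with the standard library alone; it is an assumed stand-in for a real cipher such as AES-GCM, and the class and function names are assumptions chosen for the example.

```python
# Added example (not the author's code): a toy encrypt-then-MAC message
# format with a per-message counter, beside a receiver that checks only the
# MAC, to show why Eve's replay works against the naive design and fails
# against the one that tracks freshness. The stream cipher is built from
# HMAC-SHA256 so the example runs with the standard library alone; it stands
# in for a real cipher such as AES-GCM and is not meant for production use.
import hashlib
import hmac

TAG_LEN = 32
HDR_LEN = 8


class ReplayError(Exception):
    """Raised when a message with an already-seen counter is presented."""


def derive_keys(master: bytes):
    """Separate encryption and MAC keys from one shared secret."""
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, counter: int, length: int) -> bytes:
    """Keystream bound to the message counter, so no two messages share it."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, counter.to_bytes(8, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, master: bytes):
        self.enc_key, self.mac_key = derive_keys(master)
        self.counter = 0

    def seal(self, plaintext: bytes) -> bytes:
        """Wire format: counter || ciphertext || HMAC(counter || ciphertext)."""
        self.counter += 1
        header = self.counter.to_bytes(HDR_LEN, "big")
        ct = _xor(plaintext, _keystream(self.enc_key, self.counter, len(plaintext)))
        tag = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        return header + ct + tag


def _check_and_split(mac_key: bytes, msg: bytes):
    """Verify the tag (constant-time) and return (counter, ciphertext)."""
    if len(msg) < HDR_LEN + TAG_LEN:
        raise ValueError("message too short")
    header, ct, tag = msg[:HDR_LEN], msg[HDR_LEN:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return int.from_bytes(header, "big"), ct


class NaiveReceiver:
    """Bob as in the story: checks the tag and decrypts, with no memory of what
    he has already accepted, so an old message is accepted again."""
    def __init__(self, master: bytes):
        self.enc_key, self.mac_key = derive_keys(master)

    def open(self, msg: bytes) -> bytes:
        counter, ct = _check_and_split(self.mac_key, msg)
        return _xor(ct, _keystream(self.enc_key, counter, len(ct)))


class Receiver(NaiveReceiver):
    """Hardened Bob: the MAC is verified first (so forged headers cannot probe
    the counter), then the counter must exceed the last one accepted."""
    def __init__(self, master: bytes):
        super().__init__(master)
        self.last_counter = 0

    def open(self, msg: bytes) -> bytes:
        counter, ct = _check_and_split(self.mac_key, msg)
        if counter <= self.last_counter:
            raise ReplayError("counter %d already seen" % counter)
        self.last_counter = counter
        return _xor(ct, _keystream(self.enc_key, counter, len(ct)))


if __name__ == "__main__":
    alice = Sender(b"shared secret")
    msg = alice.seal(b"You can take tomorrow as a holiday")
    naive_bob = NaiveReceiver(b"shared secret")
    print("naive Bob, day 1:", naive_bob.open(msg))
    print("naive Bob, day 2 (Eve's replay):", naive_bob.open(msg))
    bob = Receiver(b"shared secret")
    print("hardened Bob, day 1:", bob.open(msg))
    try:
        bob.open(msg)
    except ReplayError as e:
        print("hardened Bob, day 2 (Eve's replay):", e)
```

Two design points matter here. The counter is covered by the MAC and also drives the keystream, so Eve can neither edit it nor reuse an old keystream, and a second genuine "take tomorrow off" from Alice still goes through because it carries a new counter. A strictly increasing counter rejects out-of-order delivery as well as replays; protocols that must tolerate reordering keep a sliding window of seen counters instead, but the check still comes after tag verification.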



The US government defines a number of standards that many companies comply with, and one of the strongest is FIPS (Federal Information Processing Standard) 140. This standard defines a number of security levels for a product/system, and cryptographic modules are tested against it within the Cryptographic Module Validation Program (CMVP).

In 2019, FIPS 140-3 was approved to replace FIPS 140-2. It defines four security levels (Level 1 to Level 4) and 11 requirement areas involved in designing and implementing modules [here][docs]. These areas include the cryptographic module specification; cryptographic module interfaces; roles, services, and authentication; software/firmware security; operating environment; physical security; non-invasive security; sensitive security parameter management…



Encryption keys must themselves be protected, especially a symmetric key or the private key of a public key pair. For this, we can use key wrapping: the key is encrypted under a master key (the key-encrypting key, or KEK) so that it cannot be used unless we hold that master key, and an integrity check detects tampering with the wrapped value. The Advanced Encryption Standard (AES) Key Wrap algorithm (AES-KW) is defined in RFC 3394, and RFC 5649 [here] extends it with padding (AES-KWP) so that the key being wrapped need not be a multiple of 64 bits in length. This page uses the Hazmat implementation of [RFC 3394]. …
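The Hazmat call hides what the wrap actually does, so here is an added example (written for this page; not the author's code and not the cryptography library's own implementation) of the RFC 3394 chaining written out over a pluggable 16-byte block cipher, making the 6 x n rounds and the A6A6…A6 integrity check visible. `main()` runs it with real AES from the `cryptography` package against the test vector in RFC 3394 section 4.1. The toy Feistel cipher is an assumption added so that the wrap/unwrap logic can also be exercised without that package; it is not AES and not secure. Function and class names are assumptions chosen for the example.

```python
# Added example (not the author's code and not the cryptography library's
# own implementation): the RFC 3394 AES Key Wrap chaining written out over a
# pluggable 16-byte block cipher, so the 6 x n rounds and the A6A6... integrity
# check are visible. main() runs it with real AES from the `cryptography`
# package against the RFC 3394 section 4.1 test vector; the toy Feistel
# cipher below exists only so the algorithm can be exercised without that
# package and is NOT AES and NOT secure.
import hashlib
import hmac

DEFAULT_IV = bytes.fromhex("A6A6A6A6A6A6A6A6")   # RFC 3394 default initial value


class InvalidUnwrap(Exception):
    """Integrity check failed: wrong KEK or tampered wrapped key."""


def key_wrap(encrypt_block, key_data: bytes) -> bytes:
    """RFC 3394 wrap: output is 8 bytes longer than key_data (64-bit ICV)."""
    if len(key_data) < 16 or len(key_data) % 8:
        raise ValueError("key data must be a multiple of 64 bits and at least 128 bits")
    n = len(key_data) // 8
    a = DEFAULT_IV
    r = [key_data[8 * i:8 * i + 8] for i in range(n)]
    for j in range(6):
        for i in range(n):
            b = encrypt_block(a + r[i])
            t = n * j + i + 1                         # the RFC counts i from 1
            a = (int.from_bytes(b[:8], "big") ^ t).to_bytes(8, "big")
            r[i] = b[8:]
    return a + b"".join(r)


def key_unwrap(decrypt_block, wrapped: bytes) -> bytes:
    """RFC 3394 unwrap; raises InvalidUnwrap unless the recovered IV matches."""
    if len(wrapped) < 24 or len(wrapped) % 8:
        raise ValueError("wrapped key has an impossible length")
    n = len(wrapped) // 8 - 1
    a = wrapped[:8]
    r = [wrapped[8 * (i + 1):8 * (i + 2)] for i in range(n)]
    for j in reversed(range(6)):
        for i in reversed(range(n)):
            t = n * j + i + 1
            b = decrypt_block((int.from_bytes(a, "big") ^ t).to_bytes(8, "big") + r[i])
            a, r[i] = b[:8], b[8:]
    if not hmac.compare_digest(a, DEFAULT_IV):
        raise InvalidUnwrap("integrity check value mismatch")
    return b"".join(r)


def toy_block_cipher(kek: bytes):
    """Keyed 16-byte permutation: a 4-round Feistel network over SHA-256,
    constructed here so wrap/unwrap can run offline. Stands in for AES only."""
    def f(i, half):
        return hashlib.sha256(kek + bytes([i]) + half).digest()[:8]

    def encrypt(block):
        left, right = block[:8], block[8:]
        for i in range(4):
            left, right = right, bytes(x ^ y for x, y in zip(left, f(i, right)))
        return left + right

    def decrypt(block):
        left, right = block[:8], block[8:]
        for i in reversed(range(4)):
            left, right = bytes(x ^ y for x, y in zip(right, f(i, left))), left
        return left + right
    return encrypt, decrypt


def aes_block_cipher(kek: bytes):
    """Real AES on single blocks via the cryptography package's Hazmat layer."""
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    cipher = Cipher(algorithms.AES(kek), modes.ECB())

    def encrypt(block):
        enc = cipher.encryptor()
        return enc.update(block) + enc.finalize()

    def decrypt(block):
        dec = cipher.decryptor()
        return dec.update(block) + dec.finalize()
    return encrypt, decrypt


if __name__ == "__main__":
    # RFC 3394 section 4.1: wrap 128 bits of key data with a 128-bit KEK.
    kek = bytes.fromhex("000102030405060708090A0B0C0D0E0F")
    key = bytes.fromhex("00112233445566778899AABBCCDDEEFF")
    enc, dec = aes_block_cipher(kek)
    wrapped = key_wrap(enc, key)
    print(wrapped.hex().upper())   # expected 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
    print(key_unwrap(dec, wrapped) == key)
```

The point to take from the unwrap side is that the 64-bit value recovered in `a` is compared against the fixed IV, and any unwrap that does not reproduce it (wrong KEK, a flipped bit anywhere in the wrapped blob) must be rejected before the key bytes are used; the library's `InvalidUnwrap` exception plays the same role. RFC 5649 replaces the fixed IV with an alternative IV that also encodes the key length, which is how the padded variant knows how many bytes to return.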

Prof Bill Buchanan OBE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Living by the sea. Old World Breaker. New World Creator.
