Hi! If you're here, it's probably because I promised some references during my CodeMotion Berlin talk "Just enough crypto for the web." Here you go!
The security news I shared was:
- Yahoo says half a billion accounts breached by nation-sponsored hackers (Ars Technica)
- Signal fixes bug that lets attackers corrupt encrypted attachments (Ars Technica)
- Hackers Make the First-Ever Ransomware for Smart Thermostats (Vice Motherboard)
In the intermezzo, I used Google research on the difference between non-experts and experts on staying safe online.
All your passwords should be stored hashed, salted and encrypted with a good hashing function like scrypt or bcrypt. I usually tune my hashing algorithm to take a few tenths of a second on the production server.
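One way to do the salting and tuning described above, as an added example that is not code from the talk: it uses scrypt from Python's standard library, doubles the cost until one hash takes about 0.2 seconds on the machine it runs on, and stores the salt and cost next to the hash. The function names, the `scrypt$n$r$p$salt$hash` record format and the values r=8, p=1 are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

R, P, DKLEN = 8, 1, 32  # assumed scrypt block size, parallelism, output length


def _scrypt(password: str, salt: bytes, n: int, r: int = R, p: int = P) -> bytes:
    # Raise maxmem explicitly: OpenSSL's default 32 MiB cap rejects larger n.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=2 * 128 * n * r, dklen=DKLEN)


def calibrate(target_seconds: float = 0.2, start_n: int = 2**12,
              max_n: int = 2**20) -> int:
    """Double the cost n until one hash takes at least target_seconds here."""
    n = start_n
    while n < max_n:
        started = time.perf_counter()
        _scrypt("benchmark password", b"\x00" * 16, n)
        if time.perf_counter() - started >= target_seconds:
            break
        n *= 2
    return n


def hash_password(password: str, n: int) -> str:
    """Return 'scrypt$n$r$p$salt$hash' with a fresh random 16-byte salt."""
    salt = os.urandom(16)
    digest = _scrypt(password, salt, n)
    return f"scrypt${n}${R}${P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    _, n, r, p, salt_hex, digest_hex = stored.split("$")
    candidate = _scrypt(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored: str, current_n: int) -> bool:
    """True when a record was hashed with a lower cost than the current one."""
    return int(stored.split("$")[1]) < current_n


if __name__ == "__main__":
    n = calibrate()  # run this on the production server, not a laptop
    record = hash_password("correct horse battery staple", n)  # constructed sample
    print(n, verify_password("correct horse battery staple", record))
```

Because the cost is stored in each record, old hashes keep verifying after the cost is raised, and `needs_rehash` tells you which ones to upgrade at the user's next successful login.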
My employer, Luminis, has kindly paid for my time and travel. If you want to work with me, come say hi!