Dec 21, 2015 - The 6 rules of password storage

This post is a quick writeup of the reasons behind password storage techniques, so I can refer to it instead of explaining them afresh every time. It is intended to be simple and easy, so there is no excuse for not reading or understanding it.


Aug 16, 2015 - Stop lying to me

As a developer, one of the things that consistently annoys me is hidden or non-obvious dependencies. There are a number of reasons this annoys me. For starters, it can really slow down writing tests, for example when you have to manually trace through an object graph to figure out what you need to mock out. This need for manual tracing also impairs comprehension, increasing the time it takes to understand what is happening, and quite often prevents your expensive IDE from helping you out. Code with hidden dependencies also has a high resistance to change, with unintended consequences of minor edits popping up in seemingly unrelated areas.


Aug 3, 2015 - Cryptanalysis of hashids

Hashids is a multi-language library which converts integers into strings. Although the site http://hashids.org/ makes no claims of being secure, the language used (words like hash and salt) within the code and documentation implies security. In this post, I explore just how bad it is from a security perspective, in the hope that anyone reading this will avoid using it in a security context.
