Hi there 👋

Welcome to the personal blog of Kevin Sookocheff. I love to teach, speak, and write about distributed systems, cloud computing, architecture, and systems engineering.

Cryptography for the Everyday Developer: Number Theory for Public Key Cryptography

This is an article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. Modern cryptography relies heavily on number theory. One of the simplest but most important tools in the number theorist’s toolkit is the Euclidean algorithm. This algorithm, and its extension, the extended Euclidean algorithm, form the basis for practical cryptographic operations such as modular inversion. This blog post walks through both algorithms, with an explanation of why they are important to public key cryptography. ...

October 7, 2025 · 7 min · Kevin Sookocheff

Why Three Replicas Are Better Than Two

When deploying microservices on Kubernetes, how many replicas should I run? Intuition suggests that two replicas is enough to give you high availability; if one pod dies, the other keeps the service online. Industry standard, however, suggests running three replicas. Why is this the case? In this post, I will explain reasons to choose three replicas over two, and some best practices based on the realities specific to Kubernetes.

The Math Behind Preferring Three Replicas

The suggestion to run three replicas is often followed by hand-wavy “because it is more resilient”. Rather than rely on intuition, let’s try putting some numbers behind the reasoning. ...

October 2, 2025 · 9 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Double Encryption and the Meet in the Middle Attack

This is an article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. When the Data Encryption Standard (DES) was introduced in the 1970s, it was considered a solid block cipher. But DES has one major flaw by today’s standards — a small key space. With only 56 bits of key material, DES can be brute-forced with modern hardware by checking every possible key value. Once it was apparent that DES was no longer secure and could be brute-forced, a natural idea to extend the life of DES without resorting to an entirely new algorithm was to increase the size of the key space by encrypting the data twice with two different keys. The hope was that doubling the encryption operation with different keys would increase the difficulty of brute force attacks. ...

September 24, 2025 · 4 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Understanding AES - The Advanced Encryption Standard

This is an article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. Last time we explored the Data Encryption Standard (DES), and how its Feistel network structure worked. We also saw why DES eventually became obsolete: its 56-bit key size was simply too small in the face of modern computing power. To replace DES, the U.S. National Institute of Standards and Technology (NIST) held a public competition in the late 1990s. Fifteen different algorithms were submitted from around the world. Over the course of several years, this field was narrowed down to five finalists, each carefully analyzed by cryptographers. Finally, in 2000, an algorithm called Rijndael, created by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, was selected as the winner. This became the Advanced Encryption Standard (AES), which has since become the most widely used block cipher in the world. It is used everywhere: encrypting TLS traffic in your browser, securing Wi-Fi connections, and protecting classified government data. ...

August 22, 2025 · 7 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Understanding DES - The Data Encryption Standard

This is an article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. The Data Encryption Standard (DES) is based upon the principles of a substitution-permutation network that we learned about in the last post in this series. The design of DES is based on the principles of Feistel ciphers, which are a particular configuration of a substitution-permutation network developed by Horst Feistel at IBM. ...

July 18, 2025 · 10 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Confusion, Diffusion, and Substitution-Permutation Networks

This is an article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. A block cipher is a type of cipher that combines an encryption/decryption algorithm that works on blocks of data with a mode of operation that details the techniques to process sequences of data blocks. While many different block cipher algorithms exist, they all share a common structural design: they apply a series of transformations — known as rounds — that iteratively manipulate the input data. These rounds consist of small, repeatable operations that gradually transform the plaintext into ciphertext. ...

June 6, 2025 · 4 min · Kevin Sookocheff

Using V2 CloudFront Logs via CloudFormation

CloudFront supports two logging modes: v2 logging and legacy logging. Naturally, you’d expect to use the newer v2 logging—but if you’re provisioning CloudFront with CloudFormation, it’s easy to end up with the legacy setup by accident. If you use the Logging property in your AWS::CloudFront::Distribution, CloudFormation will default to legacy logging, writing directly to S3. There’s currently no way to switch this to v2 via the Logging property in CloudFormation. To enable v2 logging, you have to take a different approach: ...

May 22, 2025 · 1 min · Kevin Sookocheff

Fixing display flicker for Dell monitors on Apple Silicon

If you have a Dell monitor and an M-series chip from Apple, you may have encountered flickering issues with your monitor which — at times — can render it completely unusable. The issue appears to be fairly widespread and can affect a number of Dell model and Apple silicon chip combinations, and has been acknowledged by Dell. The flicker is caused by the monitor’s LCD panel’s Image Compensation Algorithm (ICA) function repeatedly turning On and Off. The YCbCr Video generated from the Macs is at 17Gray level, and it fluctuates between 15Gray and 17Gray. Hence the ICA, which has a threshold setting of 16Gray, is repeatedly turning On and Off. ...

April 24, 2025 · 1 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Measuring Security in Bits

This is the fifth article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. When discussing encryption, you’ll often hear talk about the strength of a security system as measured in “bits.” For example, systems might advertise their strength as having 128-bits or 256-bits. But what exactly does security measured in bits mean? Let’s demystify this common yet sometimes misunderstood concept. ...

March 20, 2025 · 2 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Modular Arithmetic

This is the fourth article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. Modular arithmetic is the foundation for asymmetric cryptography like RSA, elliptic curves, or Diffie-Hellman — all of them rely on the properties of modular arithmetic to guarantee security and secrecy. Since modular arithmetic is so important to cryptography, it pays to understand how it works. This post will help us along the journey by demystifying modular arithmetic, explaining how it works, and why it matters for cryptography. ...

March 17, 2025 · 9 min · Kevin Sookocheff