cryptologie.net

cryptography, security, and random thoughts

Hey! I'm David, cofounder of zkSecurity, research advisor at Archetype, and author of the Real-World Cryptography book. I was previously a cryptography architect of Mina at O(1) Labs, the security lead for Libra/Diem at Facebook, and a security engineer at the Cryptography Services of NCC Group. Welcome to my blog about cryptography, security, and other related topics.

← back to all posts

◦

Using crypto to replace database access.

2015-02-16 blog

A pretty fresh article on how you could use crypto to replace a lot of complicated schemes you might use on your website like password reset or mail confirmation:

https://neosmart.net/blog/2015/using-hmac-signatures-to-avoid-database-writes/

tl;dr: instead of creating a table for tokens, you could create the password reset url like this:

http://www.example.com/password_reset/?user=username&expires=15649848949849&[email protected]&token=

and at the place of the token you would put the output of a MAC. Checking the MAC again after receiving the url would confirm that YOU created that url and it has not been modified. Remember, MAC provides integrity and authentication. The author also provides a way to only render this usable once: use the original hashed password as a nonce.

suggested reads:

→ Hashes, MACs, Signatures • blog

→ Real World Crypto: Day 2 • blog

→ Database Encryption • blog

← back to all posts blog • 2015-02-16

currently reading:

Using crypto to replace database access.

02-16 blog

recent posts:

New cryptologie.net

07-20 blog

Weaponizing AI Assistants: With Their Permission

07-20 blog

What are Schwartz-Zippel circuits? How do they relate to iterative constraint systems?

05-29 blog

Short Note On Montgomery Reduction: Why Operating Modulo b?

05-24 blog

Still confused by Plonk's permutation?

03-13 blog

Partial evaluations and linearization

03-12 blog

The trap of the top-down approach

03-07 blog

My company is looking for interns

02-25 blog

Vlogging attempts

02-16 blog

I like whiteboards

10-17 blog

↓ scroll

📖 my book

Real-World Cryptography is available from Manning Publications.

A practical guide to applied cryptography for developers and security professionals.

🎙️ my podcast

Two And A Half Coins on Spotify.

Discussing cryptocurrencies, databases, banking, and distributed systems.

📺 my youtube

Cryptography videos on YouTube.

Video explanations of cryptographic concepts and security topics.

currently reading:

Using crypto to replace database access.

02-16 blog

recent posts:

New cryptologie.net

07-20 blog

Weaponizing AI Assistants: With Their Permission

07-20 blog

What are Schwartz-Zippel circuits? How do they relate to iterative constraint systems?

05-29 blog

Short Note On Montgomery Reduction: Why Operating Modulo b?

05-24 blog

Still confused by Plonk's permutation?

03-13 blog

📖 my book

Real-World Cryptography is available from Manning Publications.

A practical guide to applied cryptography for developers and security professionals.

🎙️ my podcast

Two And A Half Coins on Spotify.

Discussing cryptocurrencies, databases, banking, and distributed systems.

📺 my youtube

Cryptography videos on YouTube.

Video explanations of cryptographic concepts and security topics.