Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
GitHub

Share Secrets/Passwords Securely with with a CLI — in 15 Seconds

Windows Users: run this in Windows Subsystem for Linux (WSL), not PowerShell. Or check out all install options. Important: Windows users should run this in Windows Subsystem for Linux (WSL), not ...