Guides
Evergreen reference pages that explain formats, security concepts, and practical utilities.
A practical reference to encoding, hashing, encryption, and signing — what they are and when to use each.
A practical guide to hashing and HMAC — how they differ, what problems they solve, and how to choose the right approach for integrity and authentication.
A practical guide to authenticated encryption — what AEAD is, how AES-GCM and ChaCha20-Poly1305 work, and when to use each mode over CBC or CTR.
Learn how password hashing works, why MD5 and SHA-256 are insufficient for passwords, what salting and key stretching do, and which algorithm to use today.
A practical explanation of TLS — what it protects, how the handshake works, certificates and trust, and common mistakes developers make.
The difference between encryption at rest and in transit — threat models, technologies, key management, real-world examples, and common mistakes.
How digital signatures work — hash, sign with private key, verify with public key. Covers signature vs HMAC, real-world uses (JWTs, TLS, code signing), and common mistakes.
Avoid the most costly encryption errors: using encryption for passwords, hardcoding keys, skipping authenticated modes, ignoring certificate warnings, and more.
A practical guide to API authentication — understand API keys, JWT, OAuth 2.0, and HMAC request signing, when to use each, and how to choose the right approach.