In 1995 a Finnish researcher's university network was sniffed, thousands of passwords stolen in cleartext off the wire. His weekend fix became SSH, then a company, then a licensing fight, then an OpenBSD fork that now guards essentially every server on earth. This is how remote access got encrypted.
Cryptography
-
The Story of SSH: How a Stolen Password Became the Internet's Front Door -
Homomorphic Encryption Honestly Fully homomorphic encryption lets you compute on ciphertext without ever decrypting it. The promise is staggering and the slowdown is real. Here is the honest map of the schemes, the performance wall, and where FHE has actually shipped in 2026.
-
Multi-Party Computation in 2026 Secure multi-party computation has finally crossed from theory into narrow production — but only where the function is simple, the privacy is load-bearing, and sharing raw data is unacceptable. An honest look at the protocols, the communication wall that limits them, and the deployments that actually shipped.
-
Random Number Generation for Engineers Random number generation is one of the few places where a single wrong function call silently destroys the security of an entire system. This is a practical, security-aware guide to the three categories engineers must keep straight — TRNG, PRNG, and CSPRNG — how the Linux kernel actually produces randomness in 2026, the catastrophic seeding failures that have leaked real private keys, and exactly which API to call and which to never touch.
-
The Quantum Computing Reality Check Where quantum computing genuinely stands in 2026, past the press releases: why physical qubits are not logical qubits, what Google's below-threshold result actually proved, an honest read of the IBM, Google, and Quantinuum roadmaps, the difference between quantum advantage and quantum utility, and the real timeline before a quantum computer can break the cryptography you use today.
-
WireGuard vs OpenVPN vs Tailscale Three things people call "a VPN" that operate at different layers. The cryptographic protocol differences between WireGuard and OpenVPN, why Tailscale is a control plane rather than a competing protocol, the NAT-traversal story for each, and an honest decision framework for which to actually run.
-
Passkeys and FIDO2 Explained Passkeys are the closest thing to a real password replacement the industry has ever shipped, and they finally hit broad consumer rollout in 2024-2026. We walk what a passkey actually is under the hood, the WebAuthn and CTAP protocol stack, the sync model that initially scared security professionals, platform versus roaming authenticators, and the honest case for moving off passwords.
-
Elliptic Curve Cryptography for the Curious Engineer Elliptic curve cryptography replaced RSA for nearly every modern protocol because it delivers the same security with a fraction of the key size and the compute. We walk what an elliptic curve actually is, why the discrete-log problem on a curve is hard, the genuine differences between P-256 and Curve25519 politically and technically, how signing differs from key exchange, and which curve belongs in which job in 2026.
-
Hardware Security Modules and Secure Enclaves HSMs, TPMs, Secure Enclaves, and YubiKeys all promise the same thing — the key never leaves the chip — and they all address subtly different threat models with very different costs and capabilities. We walk what each one actually protects against, the attestation chain that proves a key lives where it claims to, the physical-tamper story, and the honest limits.
-
Hash Functions Explained Cryptographic hash functions are the workhorse primitive of modern computing — every TLS handshake, git commit, password store, blockchain, and code signature relies on them. We walk what a hash function actually guarantees, the Merkle-Damgard versus sponge construction split that separates SHA-2 from SHA-3, the BLAKE3 parallel Merkle tree, the length-extension attack history, and what each function is good for.
-
Post-Quantum Cryptography in 2026: Kyber, Dilithium, and the Migration That Already Started A practical, working-engineer's look at where post-quantum cryptography actually stands in mid-2026: what NIST shipped in FIPS 203/204/205, the Module-LWE math behind ML-KEM and ML-DSA at a level you can defend in a code review, the hybrid TLS and SSH deployments already moving real traffic, and the honest cost of the migration in bytes, milliseconds, and operational pain.
-
The Signal Protocol and the Double Ratchet The Signal Protocol is the most-deployed piece of cryptographic engineering in human history, sitting under Signal, WhatsApp, RCS, and Messenger. We walk what end-to-end encryption actually buys you, the X3DH initial key agreement, the symmetric and Diffie-Hellman ratchets, message ordering and out-of-order delivery, and what an attacker who compromises a device can and cannot recover.
-
Zero-Knowledge Proofs Without the Math Dump Zero-knowledge proofs let one party prove a statement to another while revealing nothing beyond its truth, which sounds like wishful thinking and turns out to be real math. We walk what ZK actually proves and how, zk-SNARKs versus zk-STARKs at an engineering level, the trusted-setup problem, real applications versus hype, and the honest cost in proving and verification time.
-
Post-Quantum Cryptography in Practice A practical guide for infrastructure engineers navigating the post-quantum migration: what actually breaks, the finalized NIST standards, hybrid key exchange already shipping in TLS and SSH, and an honest operational roadmap.
-
Bitcoin and Cryptocurrency Explained: How It Works, Benefits, Risks, and Investing Strategies A comprehensive technical and practical guide to Bitcoin and cryptocurrency — covering the cryptographic foundations, blockchain mechanics, UTXO model, consensus algorithms, wallet security, investing strategies, risk management, and an honest assessment of the drawbacks and criticisms in 2026.