Architecting Secure APIs: The Phantom Token Pattern
This article explores the Phantom Token pattern, an architectural approach that bridges the gap between secure opaque tokens for public clients and stateless JWTs for internal microservices.
OAuth 2.0 API Security Architecture JWT
Privacy-Preserving Password Leak Detection with Blind Exponentiation
This article presents a cryptographic protocol for checking password leaks while preserving user privacy. Using commutative exponentiation with client and server secrets, the system enables breach detection without exposing password hashes or enabling dictionary attacks on the leaked password database.
Cryptography Privacy Security Password Security
Solving the Lost YubiKey problem with WebAuthn PRF & Shamir’s Secret Sharing
This article proposes a conceptual design for a password manager utilizing the WebAuthn PRF extension for client-side encryption. By integrating Shamir’s Secret Sharing, the work presents a decentralized recovery mechanism for non-exportable credentials. This theoretical model guarantees that only the owner possesses the cryptographic material required for recovery.
Cryptography WebAuthn Passkeys Recovery