Strong random number generation hangs on Linux machines

Dices making a random number

You’re working on a new project, which uses a framework requiring strong random number generation. Typically, this could be Spring Security’s BCryptPasswordEncoder. You run your application on a Linux machine: your local Linux Mint for development or some Ubuntu Server instance, for example. And then… nothing happens. The application seems to be hanging! What gives?

OpenPGP: no, it’s not broken yet

A picture of a digital lock

You may have noticed: encryption has received some bad rap lately. I’m talking about Efail and SigSpoof of course, two flaws that impacted OpenPGP-based applications such as GnuPG, Enigmail, etc. Does it mean that OpenPGP is broken?

Did you change your hair?

Oh you noticed, didn’t you? Indeed, I have decided to update my blog’s presentation a little bit, make it more readable and mobile-friendly. The old …

From stateful to stateless RESTful security using Spring and JWTs – Part 4 (JWT-based authentication)

Previously we have managed to finally get rid of that Session object and transform our RESTful API security to leverage a stateless authentication solution. We replaced our beloved JSESSIONID with a simple string of text, a token, that allowed us to identify a user. But the solution we used is not secure at all. We still need to find a token with the right characteristics to be safe enough in this world of leaks and breaches. Enter JWTs…