HTTPS safe? maybe not!

At Conformal, we keep up with the most secure cryptography technologies available and implement these technologies into our products and services whenever possible. However, we consider ourselves the minority in this practice, with most other sites only offering the bare minimum in terms of security. Amid the recent PRISM leaks, more and more attention has been drawn towards mass acceptance of one such technology, known as Perfect Forward Secrecy (hereforth referred to as PFS). This blog post will cover how HTTPS without PFS fails to protect today’s communication against tomorrow’s attacks, how PFS is able to prevent against these attacks, and the current state of PFS on the web and Conformal’s servers.

Continue reading

btcscript – the script package from btcd

Following up on our previous releases (btcwire, btcjson, btcutil, and btcdb) we are happy to announce btcscript, the script package from btcd:

https://github.com/conformal/btcscript

btcscript provides code and data structures to parse and execute bitcoin scripts. The scripting system bitcoin uses is a stack-based, FORTH-like language. It is not turing complete by design (as adding a full turing complete language opens up all sorts of potential complications and problems), but it still provides a fair amount of power.

Continue reading