3 Common Encryption Mistakes That Are Easy to Avoid

At Ubiq Security we focus on data security and making it easier for developers to incorporate encryption into their applications.  As part of our work, we spend time on Slack, Stack Overflow, Reddit, etc. and we see several common mistakes that can cause security vulnerabilities that are easy to resolve.  While we don’t think any developer wants to make an insecure product, it is easy to understand how developers not experienced in data security might not realize the impact of grabbing some sample code from the Internet and incorporating it into their application.  I often say that writing programs incorporating encryption or data security is not like other software development.  Just because an application runs, doesn’t mean you are done or that your application is secure.

Common Mistake 1: Inadvertently Reducing the Range of A Hashed Value

I have lost count of how many times I have seen someone use sha256 thinking they are creating a 256-bit value stored in 32 bytes when they are actually creating a 128-bit value stored in 32 bytes.

5 Ways To Implement Cryptography in Java


Cryptographic functionality is essential to a massive number of applications.  As data protection regulations mandate how certain types of data should be protected, developers are increasingly required to build cryptography into their code. Java is currently one of the most popular programming languages used across a wide range of applications including Minecraft and Hadoop, so it’s important that developers know what to consider when implementing cryptography correctly.

However, cryptography can be complicated, and most developers are not secretly cryptographers on the side.  Requiring developers to jump through hoops and blindly make crucial decisions is not a good or safe way to implement core security functionality.