Listen Now

Storing passwords security is an art and a science. In this episode, we'll talk with JP Aumasson, a highly respected cryptographer who's dedicated most of his professional life to making your passwords more secure. He ran the Password Hashing Competition, which just selected a new 'most secure' password hashing algorithm: Argon2. He's done thousands of hours of cryptanalysis, and he's a total security badass. This episode covers: How JP got into security stuff. What is the academic crypto community like? What's the difference between cryptographic hash functions and NON-cryptographic hash functions? Are MD5 and SHA1 secure? What are CPU and memory hard algorithms? What's wrong with bcrypt? scrypt? How do memory hard algorithms work? How did the Password Hashing Competition come to be? What is Argon2, and what makes it awesome? How should developers store passwords today in the most secure fashion? What new stuff is JP Aumasson doing next? What advice do you have for developers who want to get into the security field?

OMG. I love HTTP Basic Auth. More than my own children! (I kid, I kid.) But seriously. Basic Auth is awesome. In this episode, we'll talk about why it's cool, and how to use it for the greater good. The guest for this episode is Robert Damphousse (Javascript Developer @ Stormpath). This episode covers: What is Basic Auth? How long has it been around? Is Basic Auth simple? Is it secure? Why? Why is Basic Auth going out of style? What's up with OAuth vs Basic Auth? When should a developer use Basic Auth? What are some popular services / tools that still use Basic Auth?

OAuth is a funky protocol. Seriously. Who even likes it? In this episode we'll discuss what, exactly, is up with OAuth, and why the hell people keep talking about it. Our guests for this episode are Tom Abbott (Product Manager at Stormpath), and Les Hazlewood (CTO at Stormpath).   This episode covers: What is OAuth for? Why is it needed? Why not use Basic Auth? How does OAuth work (high level)? What are tokens / JWTs? What are grant types? What are scopes? What types of OAuth are there? How does OAuth work in a browser? (Implicit and authorization code.) How does OAuth work for APIs? (Client credentials and password.) When should a developer use OAuth? Basic Auth?