This research in March 2015 uncovered a design flaw in the JWT standard and critical vulnerabilities in popular JWT libraries. An attacker could exploit an affected to library to, e.g., take control of arbitrary user accounts.

A comprehensive introduction to the obscure art of writing timing-attack-proof crypto code.

PBKDF2 is a popular algorithm for password hashing and key derivation. Unfortunately, a small configuration mistake often reduces its effectiveness by 50% or more.