Password Authentication for Web and Mobile Apps is a new book for web and mobile developers who want to learn how secure password authentication works and implement it in their apps.
It answers almost all questions that developers have about password authentication, such as how to store passwords securely, how to remember users, how to implement multi-factor authentication, etc.
Some other topics that it covers:
- Email address validation.
- Unicode issues in usernames, emails, and passwords.
- Secure randomness and UUIDs.
- U2F / WebAuthn.
- JWT and signed cookies.
- Five password hashing functions — PBKDF2, bcrypt, scrypt, yescrypt, Argon2 — and their issues and vulnerabilities.
- Client-side password prehashing.
- Rate limiting.
- and more…
The book is available at https://dchest.com/authbook/
There are numerous small Lisp/Scheme implementations, and probably most of them are unfinished or unmaintained. I found serious, production-ready tiny Scheme interpreters for you to embed in your C or C++ programs.
Continue reading Tiny Scheme interpreters
I have an unhealthy obsession with one-file implementations of useful things in C, which you can just drop into your project and use without configuring libraries with dozens of files. Miniz is one such project: it is a single 225 KB miniz.c, which contains a zlib replacement plus functions to read/write ZIP files.
Continue reading miniz — fast single-file ZIP implementation in C
Linenoise is a small self-contained line editing library written in C by Salvatore Sanfilippo of Redis fame, aimed at replacing the monster readline and libedit libraries. It is used in Redis, MongoDB, and Android.
Continue reading linenoise — a tiny readline replacement