Engineering posts about Encryption
Curated summaries and key learnings for engineers working with Encryption.
Labyrinth 1.1: Making End-to-End Encrypted Backups Even More Reliable
Labyrinth 1.1 introduces a new sub-protocol aimed at improving the reliability of end-to-end encrypted backups for Messenger, allowing messages to be securely backed up even in cases of device loss...
How Meta Is Strengthening End-to-End Encrypted Backups
Meta's HSM-based Backup Key Vault is designed to enhance the security of end-to-end encrypted backups for WhatsApp and Messenger. The system utilizes hardware security modules (HSMs) to store...
Post-quantum encryption for Cloudflare IPsec is generally available
The article presents the general availability of post-quantum encryption in Cloudflare's IPsec, marking a significant advancement in securing site-to-site networking against future quantum threats....
Take Control: Customer-Managed Keys for Lakebase Postgres
The article discusses Lakebase Customer-Managed Keys (CMK), which empower customers to control their encryption keys using their own cloud Key Management Services (KMS) rather than relying on...
Post-Quantum Cryptography Migration at Meta: Framework, Lessons, and Takeaways
The article outlines Meta's strategic approach to migrating to post-quantum cryptography (PQC) in response to the impending threats posed by quantum computing to current encryption standards. It...
Dynamic, identity-aware, and secure Sandbox auth
The article explores the implementation of dynamic, identity-aware authentication mechanisms for sandbox environments, emphasizing the use of outbound Workers to enhance security and control over...
Cloudflare targets 2029 for full post-quantum security
Cloudflare has set a target of 2029 to achieve full post-quantum security, emphasizing the importance of transitioning to post-quantum authentication alongside encryption. The article outlines the...
Our ongoing commitment to privacy for the 1.1.1.1 public DNS resolver
The article outlines Cloudflare's ongoing commitment to privacy regarding its 1.1.1.1 public DNS resolver, emphasizing the importance of trust in handling personal data. It details the independent...
Enhancing Security with User-Specific Access Keys for DigitalOcean Functions
The article outlines a significant update to DigitalOcean Functions, transitioning from a shared credential model to user-specific access keys. This change enhances security by ensuring that access...
Agentic AI Security: New Risks and Controls in the Databricks AI Security Framework (DASF v3.0)
The Databricks AI Security Framework (DASF) has been updated to include Agentic AI as its 13th component, introducing 35 new technical security risks and 6 mitigation controls tailored for the...
Announcing Cloudflare Account Abuse Protection: prevent fraudulent attacks from bots and humans
Cloudflare has introduced a suite of fraud prevention capabilities aimed at mitigating account abuse from both automated bots and human attackers. Key features include leaked credentials detection,...
AI Security for Apps is now generally available
Cloudflare has announced the general availability of its AI Security for Apps, a solution designed to detect and mitigate threats specifically targeting AI-powered applications. This tool provides...
Building a security overview dashboard for actionable insights
The article presents a comprehensive overview of a newly developed security dashboard designed to enhance the efficiency of security teams by providing actionable insights rather than mere...
Investigating multi-vector attacks in Log Explorer
The article discusses the complexities of modern multi-vector attacks in cybersecurity, emphasizing the necessity for comprehensive visibility through tools like Cloudflare Log Explorer. It outlines...
Active defense: introducing a stateful vulnerability scanner for APIs
The article introduces Cloudflare's new stateful vulnerability scanner designed specifically for APIs, addressing the limitations of traditional defensive security measures. It highlights the...
How Advanced Browsing Protection Works in Messenger
The article discusses the implementation of Advanced Browsing Protection (ABP) in Messenger, focusing on the technical challenges and infrastructure necessary to protect user privacy while analyzing...
Stop reacting to breaches and start preventing them with User Risk Scoring
The article presents a proactive approach to cybersecurity by integrating User Risk Scoring into zero trust network access (ZTNA) policies. It outlines how Cloudflare One's platform allows security...
Introducing the 2026 Cloudflare Threat Report
The 2026 Cloudflare Threat Report outlines significant shifts in the cybersecurity landscape, emphasizing the transition from brute force attacks to high-trust exploitation strategies employed by...
Bringing more transparency to post-quantum usage, encrypted messaging, and routing security
The article introduces new features and tools on Cloudflare Radar aimed at enhancing transparency in post-quantum encryption, encrypted messaging, and routing security. It details the expansion of...
Toxic combinations: when small signals add up to a security incident
The article explores the concept of 'toxic combinations' in cybersecurity, where seemingly harmless signals can converge to create significant security incidents. It highlights how minor...