When building secure systems, having a source of random numbers is essential. Without them, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted. For example, if you’re reading this using a link to https://blog.cloudflare.com then the SSL connection […]
Archive by Author
Why some cryptographic keys are much smaller than others
If you connect to CloudFlare’s web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. When I connect using Chrome I get an RC4_128 connection (with a 128-bit key) which used the ECDHE_RSA key exchange mechanism (with a 2,048-bit key) to set the connection up. If […]
Why secure systems require random numbers
If you’ve been following recent news about technical spying by the US National Security Agency and the UK’s Government Communications Headquarters you may have come across a claim that the NSA was involved in weakening a random number generator. The obvious question to ask is… why mess with random number […]
Details Behind Today’s Internet Hacks
“When I woke up this morning I had no idea I’d be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day” — Rajiv Pant (@rajivpant) August 28, 2013
At 1:19pm (PDT) today, a researcher noticed that the New York Times’ website wasn’t loading. We know the New York Times tech […]
Updating Our Privacy Policy
Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to remain anonymous because you value your privacy. We do, too. To that end, one of the first things I have undertaken in my new role is a full review […]
Heuristics and Rules: Why We Built a New Old WAF
We just rolled out an update to CloudFlare’s Web Application Firewall (WAF). Previously, CloudFlare’s WAF has received criticism from people who have tested it and found that it didn’t behave as traditional WAFs are expected to. That contrasted with the real world experience of users who saw our WAF virtually eliminate actual web threats. Seemingly […]
DDoS Prevention: Protecting The Origin
One of the many great features that CloudFlare provides is protection from Distributed Denial of Service (DDoS) attacks. A malicious party who wants to make your website or web service unavailable could try to overwhelm it with requests from compromised machines (or bots) all around the world. With a large enough volume of requests, your […]
Government Surveillance: Why Transparency Matters
The web is one of the greatest inventions of human history because it has made the world more transparent. Fundamentally, that’s what the web does: it takes information that was inaccessible and opaque and makes it available and lucid. At CloudFlare, our mission is to build a better web. We hire great engineers to invent […]
Staying on top of TLS attacks
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a priority. We use TLS both externally and internally and different uses of TLS have different constraints. Broadly there are three ways we use TLS: to handle HTTPS connections from web […]
Mirage 2.0: Solving the Mobile Browsing Speed Challenge
Almost exactly a year ago, CloudFlare announced a feature called Mirage. Mirage was designed to make the loading of images faster in two primary ways: 1) deliver smaller images for devices with smaller screens; and 2) “lazy load” images only when they appeared in the viewport. Both of these optimizations were designed primarily to accelerate […]