- base64javascriptpython
Base64 encoding across 5 languages: JavaScript, Python, Go, Rust, PHP
Idiomatic Base64 and Base64URL encoding/decoding in JS, Python, Go, Rust, and PHP — with the standard-library one-liners and the gotchas each language buries.
2 min readRead - hashingsha256hmac
Hashing in 2026: SHA-256, HMAC and PBKDF2 across Node, Python, Go, Rust
Which stdlib function to reach for, which library to avoid, and the one-liner that gets you SHA-256 + HMAC-SHA256 in each of the big runtimes.
1 min readRead - webhookshmacsecurity
How to verify webhook signatures: Stripe, GitHub, Slack
Every major webhook provider signs their requests with HMAC. Here's the working verification code for each, the timing-attack pitfall everyone hits, and a universal template.
1 min readRead - passwordsecurityentropy
How to generate a strong password (and what entropy means)
Length beats complexity. Here's the math, the actual number of bits you need, and why `correct horse battery staple` is stronger than `P@ssw0rd!`.
5 min readRead - base64urlencoding
Base64URL vs Base64: when the extra characters matter
The + / = characters in standard Base64 break URLs, filenames, and JWT headers. Base64URL is the fix — and it's almost but not quite a drop-in replacement.
3 min readRead - hmacsecuritycrypto
What is HMAC (and why SHA-256 alone isn't enough)?
HMAC is how you prove a message wasn't tampered with. It's SHA-256 plus a clever wrapping you should never try to reinvent.
5 min readRead - encodingbase64fundamentals
Base64 explained: what it is, what it isn't, and when to use it
Base64 is everywhere — emails, JWTs, data URLs, certificates. Here's what it actually does, and what it doesn't (encryption!).
4 min readRead