Nipper Labs

by Michael Nipper

Deep Dive on the Rails secret_key_base

secret_key_base is a long, pseudorandom string of hex characters in Rails versions 4.0 and later (it was named secret_token in earlier versions and was used slightly differently). It is used to generate an encryption key that encrypts and signs the session data stored in your users’ cookies.

A secret_key_base should look something like this:


It is used to create something like this:



Encryption in a Distributed System

I build Android and web apps intended to be used for research projects. This presents a few unique security challenges, one of which is that PII (personally identifiable information) and research data should not be stored together. This is a problem, since I need to collect PII and research data on Android devices, which cannot guarantee internet access (and therefore cannot rely on transferring these to separate servers as they are entered).

To solve this, I wanted to store the PII in such a way that it is encrypted and cannot be decrypted even if the device is lost and the app reverse-engineered (remember, Android apps are client-side code!). To do this, I obviously had to be okay with the PII not being re-displayed to the user after saving (since this would require that the data be recoverable on the device).

I had a look at a few Java libraries and Ruby gems to

