Qvault

The post Top 10 Technical Go Interview Questions first appeared on Qvault . Are you interviewing for a new Go developer position? Perhaps you are about to interview someone yourself? Let’s review some good questions to be familiar with, whether you are the interviewer or the interviewee. If you are interested in a more interactive way to review for a Go interview, try our Interview Prep – Go course. You’ll find more questions and will be able to run code in the browser and get instant feedback on your level of preparedness. Take the Interview Prep Course Free Questions and Answers 1. What is the difference between a goroutine and an operating system thread? Go provides built-in channels for goroutines to communicate safely between themselves. More goroutines can run on a typical system than you can threads. For example, with Java you can likely run thousands of threads. With Go, you can likely run millions of goroutines. Goroutines startup more quickly than operating syst...

The post Creating a Custom Tooltip Component in Vue first appeared on Qvault . There are plenty of libraries out there that will have you up and running with a good tooltip solution in minutes. However, if you are like me, you are sick and tired of giant dependency trees that have the distinct possibility of breaking at any time. For that reason, we are going to build a custom single file tooltip component that you can build yourself and tweak to your heart’s content. It might take 15 minutes instead of 3… sorry about that. As it happens, this is also the boilerplate for the tooltip component we use on Qvault’s coding app. The End Goal We are building a single file component, as such it will be a single file with the following structure: <template> </template> <script> </script> <style scoped> </style> At the end of this walkthrough we will have a tooltip component that floats above the target element(s), fades in and out, activates...

The post “Interview Prep – Golang” Course Released first appeared on Qvault . We just launched Interview Prep – Golang , a quick course for those looking to brush up on some Go quirks before walking into an interview. The course is a hands-on tutorial where you complete algorithms and data structures exercises, as well as answer common multiple-choice questions about the Go language. This interview preparation review stands out because it gives a solid recap (over 30 exercises) of the language, and it’s free on signup! Get Started What’s Included? The course has two modules and covers many topics, some of which are: Interfaces and structs Error handling and testing Syntactic sugar Workspace and toolchain features Stacks and queues Channels Mutexes and concurrency Binary trees Why Go? Go is soaring in popularity among DevOps, backend, and security engineers. If you aren’t familiar with Go yet, take a look at our  Go Mastery  course! All code is written ...

The post Bcrypt Step by Step first appeared on Qvault . Bcrypt is a key derivation function , which can be thought of as a slow hash function . Its purpose is to slowly convert a piece of input data to a fixed-size, deterministic, and unpredictable output. A common use-case is to convert a password into an n-bit cryptographic key, which can then be used for safe authentication. Here at Qvault, we use Bcrypt in our security systems. Bcrypt is a very popular password hashing function, so much so that it’s the hash function we currently teach the implementation of in our Practical Cryptography course. What Bcrypt Looks Like Using Bcrypt on the password myPassword123 would produce something like the following: myPassword123 -> $2y$12$vUw4OU4EAl4w4vC6/lA33OtDSYGhiIdekdT9iOoSs9/ckwrffaEui That output can be used to compare against future hashes against to see if the original data matches. Why not compare passwords directly? In web development, it is insecure to store user’s...

The post (Very) Basic Intro to Lattices in Cryptography first appeared on Qvault . Lattice-based cryptography has been coming into the spotlight recently. In January 2019, Many of the semifinalists in the NIST post-quantum-cryptography competition were based on lattices. Lattice based cryptography has promising aspects that make it a contender for the basis of cryptographic security in a post-quantum world. What is a Lattice? According to Wikipedia , a lattice is the set of all integer linear combinations of basis vectors: i.e. More simply put, a lattice is defined by basis vectors, which are only able to be scaled by integers… yay no fractions! For example, let’s create a lattice of all the integers in a two-dimensional plane: The definition of our lattice contains only 2 basis vectors, v1 = (0,1) v2 = (1,0) Our lattice is the set of all values that can be reached by any combination and scale of our basis vectors. For example, the point (2,0) is in ou...

The post Shamir’s Secret Sharing Step-By-Step first appeared on Qvault . Adi Shamir’s Secret Sharing is an algorithm that allows participants to share ownership of a secret by distributing shares , which can be thought of as parts of a secret key. In order for someone to gain access to the original secret, a minimum number of shares (the threshold) must be used together. Example Problem To illustrate, let’s imagine that a family of four all share a single Bitcoin wallet. This Bitcoin wallet contains a single private key that all members of the family co-own. Because there is a single key, any of the family members can use that key to spend all of the Bitcoins. The family has a problem: If they each keep a copy, then only one of their copies needs to be compromised to have all the coins stolen. If only one of them keeps the key, then that person may lose it or decide to double-cross the other family members. Luckily, one of the family members is also a cryptographer. Instead of ...

The post Optimize For Simplicity First first appeared on Qvault . We can’t optimize for everything in software engineering, so we need to start with something, and that something should be simplicity. For example, to over-optimize for speed in JavaScript, we might write our for-loops backwards to the detriment of readability. On other occasions, we may over-optimize architectural abstraction to the detriment of speed. I assert that we should optimize for simplicity first , and only make complex memory, speed, and abstraction improvements as they become necessary. But Muh Speed If it’s slow but readable, I can make it fast. If it’s broken but readable, I can make it work. If it’s impossible to understand, then I have to ask around until I can find out what the abomination is supposed to do in the first place. Working, readable software should be the “MVP” of your code. It’s trivial to find a bottleneck in code that is easy to understand. That one slow chunk of code can be optim...

The post “Practical Cryptography” Course Released first appeared on Qvault . We just launched our new Practical Cryptography course, a code-in-the-browser tutorial where students build cryptographic functions in the Go programming langauge. Practical Cryptography stands out among online cryptography courses because it not only teaches crypto fundamentals, but it allows users to get hands-on experience building out the code. Get Started What’s Included? The course has four modules covering the following topics: Cryptography History and Overview Stream Ciphers and XOR math Block Ciphers and Key Schedules Hashes and Key Derivation Functions We are already planning a sequel to this course which will cover public key cryptography and some other more advanced concepts. Coding? Coding projects in this course are all written in Go, a language that is soaring in popularity among devops, backend, and security engineers. If you aren’t familiar with Go yet, take our  Go M...

If you’ve seen The Imitation Game , or studied computer science in school, you have likely heard of Enigma , Alan Turing , or some of the other advances in cryptography that took place during the Second World War. During this time and until the 1970’s, governments from around the world had near-total control of all cryptographic systems. It was nearly impossible to learn about encryption without going through a government agency. One of the major contributing factors to cryptography becoming a discipline within the public domain was Whitfield Diffie and Martin Hellman’s invention of public-key cryptography in 1976. This new kind of asymmetric cryptography revolutionized cryptography. It also allowed the public to leverage the technology to the people’s advantage for the first time. The Crypto Wars An attempt to control the power of encryption When scientists first invented public-key cryptography, the NSA tried to restrict access to the technology and keep the work classified...

The post Unexpected Printf Behavior in Go WASM – Nothing Prints appeared first on Qvault . While working on Qvault’s Go Playground , I came across a very strange error. The standard library’s fmt.Printf() function prints nothing to the console when called. Nothing. For those of you who are familiar with the function, when compiled to a “normal” executable fmt.Printf prints a formatted string to standard output. As per the official documentation, this program: package main import ( "fmt" ) func main() { const name, age = "Kim", 22 fmt.Printf("%s is %d years old.", name, age) } Will print: Kim is 22 years old. The interesting thing is that when the same exact program is compiled using Web Assembly, we get a different result. If you want to try it, copy the above program and run it here . Spoiler alert: It doesn’t print anything. However, if you change the program slightly: package main import ( "fmt"...

The post Saving a Third of Our Memory by Re-ordering Go Struct Fields appeared first on Qvault . In past projects at Qvault we had an application that typically ran with ~2GB in memory at any given time. By simply changing the order of some uint variables we managed to drop the memory usage to less than 1.4GB . The vast majority of this allocated memory is due to an enormous slice of stats structs. The stats struct has the following type definition: type stats struct { NumPosts uint8 Reach uint16 NumLikes uint8 } In theory, this struct will take a use a measly 4 bytes. Each uint8 uses 1 byte , and the single uint16 needs 2. We began to suspect that we had some wasteful memory issues, so I built the following little program to show how memory is being used by our struct: package main import ( "fmt" "reflect" "runtime" ) type stats struct { NumPosts uint8 Reach uint16 ...

The post HMAC and MACs – The Inner Workings of JWTs appeared first on Qvault . HMACs and MACs are authentication codes and are often the backbone of JWT authentication systems. Let’s take a look at how they work. MAC – Message Authentication Code MACs are exactly what they sound like; small codes that allow receivers of messages to know who the sender was (authentication). A MAC code is calculated by using a message and a secret key as inputs. Anyone who has a copy of that secret key can then verify that that code and message were created by someone with the same key. One way this is accomplished is by using a hash function, for instance, SHA-256 . Simply put, a hash function takes an input and then returns an output, where: The output is very unlikely to be the same for different inputs The output is always the same for the same inputs The output is not predictable – changing the input even slightly results in a seemingly random and large change to t...