What I would like, but haven’t found yet, is a cheat sheet on what up to date encryption method or algorithm one should use for whatever need. A kind of requirement -> algorithm dictionary.
Like, I need to authenticate that a client is a known identity. What algo? How to use it? What to avoid? I need to sign a message or document. How? I need to verify said message. How? I need to store passwords. How?
I know some crypto, but discovering and learning about them is a bit of a pain. For how important crypto is, you‘d think someone would have bothered to teach developers how to choose and deploy these algorithms properly.
With symmetric algorithms, e.g. AES, and modes of operation, is there a "best" one? Currently GCM seems to be quite popular. Is there something (an AEAD?) better? Now that the patent of OCB(3?) is expired, is it worth changing?
7 comments
[ 5.1 ms ] story [ 28.2 ms ] threadhttps://cacr.uwaterloo.ca/hac/
Like, I need to authenticate that a client is a known identity. What algo? How to use it? What to avoid? I need to sign a message or document. How? I need to verify said message. How? I need to store passwords. How?
I know some crypto, but discovering and learning about them is a bit of a pain. For how important crypto is, you‘d think someone would have bothered to teach developers how to choose and deploy these algorithms properly.
I think it‘s pretty good.
With symmetric algorithms, e.g. AES, and modes of operation, is there a "best" one? Currently GCM seems to be quite popular. Is there something (an AEAD?) better? Now that the patent of OCB(3?) is expired, is it worth changing?