---
title: Crypto Best Practices Checklist
categories: [cheatsheets]
tags: [crypto]
---

# Crypto Best Practices Checklist

## Asymmetric Encryption

**Do**

* [ ] use libsodium or NaCl
* [ ] use ECC
* [ ] if RSA -> RSA-OAEP
* [ ] public exponent e > 3
* [ ] >= 2048 bit key size

**Don't**

* [ ] textbook RSA
* [ ] RSA with the same pubkey for every session (no forward secrecy)
* [ ] RSA PKCS#1 v1.5

## Symmetric Encryption

**Do**

* [ ] key size > 128 bit
* [ ] AES-GCM
* [ ] ChaCha20-Poly1305

**Don't**

* [ ] AES-CBC, AES-CTR (unauthenticated modes)
* [ ] OFB mode
* [ ] 64 bit block size ciphers

## Hashes

**Do**

* [ ] SHA-3 >= 256 bit
* [ ] SHA-2 >= 256 bit
* [ ] BLAKE2

**Don't**

* [ ] SHA-1
* [ ] hashes with 128 bit output length
* [ ] MD5

## Password Hashing

**Do**

* [ ] scrypt (important: use the right parameters)
* [ ] bcrypt with the following format: bcrypt(base64(sha-512(password)))
* [ ] PBKDF2

**Don't**

* [ ] hash-only (MD5, SHA-X)
* [ ] any encryption algorithm
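Added example, not part of the original checklist: the scrypt item above done with Python's standard library, storing the work-factor parameters next to the hash (so they can be raised later) and verifying in constant time. The parameter values and the `$scrypt$ln=..,r=..,p=..$salt$hash` string layout are assumptions chosen for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factors for this example; raise SCRYPT_LOG_N as hardware allows.
# scrypt needs roughly 128 * r * n bytes of memory: 16 MiB with these values.
SCRYPT_LOG_N = 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
DKLEN = 32


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing string: $scrypt$ln=..,r=..,p=..$salt$hash."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)  # fresh random salt per password
    n = 1 << SCRYPT_LOG_N
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=SCRYPT_R,
                        p=SCRYPT_P, maxmem=2 * 128 * SCRYPT_R * n, dklen=DKLEN)
    return f"$scrypt$ln={SCRYPT_LOG_N},r={SCRYPT_R},p={SCRYPT_P}${_b64(salt)}${_b64(dk)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters stored in the string; constant-time compare."""
    try:
        _, scheme, params, salt_b64, dk_b64 = stored.split("$")
        if scheme != "scrypt":
            return False
        kv = dict(item.split("=") for item in params.split(","))
        n = 1 << int(kv["ln"])
        r, p = int(kv["r"]), int(kv["p"])
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
    except (ValueError, KeyError):
        return False  # malformed record: never accept, never raise into the caller
    actual = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                            maxmem=2 * 128 * r * n, dklen=len(expected))
    # hmac.compare_digest avoids leaking the mismatch position through timing
    return hmac.compare_digest(actual, expected)
```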