cheatsheets/cheatsheets/crypto/crypto-best-practices-checklist.md

---

title: Crypto Best Practives Checklist categories: [cheatsheets]

tags: [crypto]

Crypto Best Practives Checklist

Asymetric Encryption

Do

• use libsodium or NaCl
• Use ECC
• if RSA -> RSA-OAEP
  • Public Exponent e (> 3)
  • >= 2048 bit keysize

Don't

• Textbook RSA
• RSA with the same pubkey (forward secrecy)
• RSA PKCS#1.5

Symmetric Encryption

Do

• Keysize > 128
• AES-GCM
• ChaCha20-Poly1305

Don't

• AES-CBC, AES-CTR
• OFB Mode
• 64 Bit Blocksize Ciphers

Hashes

Do

• SHA-3 >= 256 Bit
• SHA-2 >= 256 Bit
• BLAKE2

Don't

• SHA-1
• Hashes with 128 bit length
• MD5

Password Hashing

Do

• scrypt !important - use the right parameter
• bcrypt with following format: brypt(base64(sha-512(password)))
• PBKDF2

Don't

• Hash-only (MD5, SHA-X)
• Any encryption algorithm