crypto-best-practices-checklist.md 1.0 KB
title: Crypto Best Practives Checklist categories: [cheatsheets]
Do
- use libsodium or NaCl
- Use ECC
- if RSA -> RSA-OAEP
- Public Exponent e (> 3)
- >= 2048 bit keysize
Don't
- Textbook RSA
- RSA with the same pubkey (forward secrecy)
- RSA PKCS#1.5
Do
- Keysize > 128
- AES-GCM
- ChaCha20-Poly1305
Don't
- AES-CBC, AES-CTR
- OFB Mode
- 64 Bit Blocksize Ciphers
Do
- SHA-3 >= 256 Bit
- SHA-2 >= 256 Bit
- BLAKE2
Don't
- SHA-1
- Hashes with 128 bit length
- MD5
Do
- scrypt !important - use the right parameter
- bcrypt with following format: brypt(base64(sha-512(password)))
- PBKDF2
Don't
- Hash-only (MD5, SHA-X)
- Any encryption algorithm