Application Security Handbook

Cryptography

Overview

This section contains recommendations for implementing and using functionality that relies on cryptographic operations.

The main rule of cryptography is: do not invent your own cryptography. Home-grown algorithms, modes and protocols are reliably broken; use the vetted algorithms listed below through a well-maintained library implementation rather than writing the primitives yourself.

General practices

Scenario                 Algorithm (base)            Algorithm (advanced)
Key exchange             Diffie-Hellman, 2048 bit    ECDH, Curve25519
Message integrity        HMAC-SHA2, 256 bit          HMAC-SHA2, 512 bit
Message hash             SHA2, 256 bit               SHA2, 512 bit
Asymmetric encryption    RSA, 2048 bit, SHA-256      ECC Curve25519 (hybrid: key agreement plus a symmetric AEAD) or RSA, 3072 bit, SHA-256
Symmetric encryption     AES, 128 bit, GCM           AES, 256 bit, GCM
Password hashing         Argon2 or PBKDF2            Argon2 or PBKDF2

Notes:
- Argon2 and PBKDF2 are password-based key derivation functions; use them for storing password verifiers and for deriving keys from passwords, not as a key exchange.
- Curve25519 does not encrypt data by itself: the ECDH shared secret is run through a key derivation step and the resulting key is used with a symmetric AEAD such as AES-GCM.
- AES-GCM is only secure while a nonce is never reused under the same key. Use a fresh 96-bit random nonce per message with short-lived (per-session) keys, or a counter, and always authenticate before decrypting.
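The key exchange, symmetric encryption and message integrity rows above combined into one exchange, as an added example that is not part of the handbook: two parties agree on a key with ECDH over Curve25519 (X25519 from Go's standard crypto/ecdh package, Go 1.20 or later), derive a 256-bit AES key from the shared secret, and then exchange an AES-256-GCM message whose tag protects both the ciphertext and an associated-data header. The HMAC-SHA256 derivation step and its fixed label are assumptions of this example (a simplified HKDF-extract), not a construction from the handbook; the sample message and header are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Party is one side of an ephemeral X25519 key exchange.
type Party struct {
	priv *ecdh.PrivateKey
}

// NewParty generates a fresh X25519 key pair from the OS CSPRNG.
func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// PublicBytes is the 32-byte public value sent to the peer in the clear.
func (p *Party) PublicBytes() []byte {
	return p.priv.PublicKey().Bytes()
}

// SharedKey runs X25519 with the peer's public value and derives a 256-bit
// AES key from the raw shared secret with HMAC-SHA256 keyed by a fixed
// context label (an HKDF-extract style step; the label is this example's
// assumption, not a value from the handbook).
func (p *Party) SharedKey(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := p.priv.ECDH(pub) // rejects low-order peer points
	if err != nil {
		return nil, err
	}
	kdf := hmac.New(sha256.New, []byte("example-handbook-aes256gcm-v1"))
	kdf.Write(secret)
	return kdf.Sum(nil), nil // 32 bytes = AES-256 key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key length selects AES-128/192/256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext with AES-GCM under key, also
// authenticating aad (e.g. a header) without encrypting it. A fresh random
// 96-bit nonce is generated per message and prepended to the output.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open verifies the GCM tag (covering ciphertext and aad) before returning
// any plaintext; a flipped bit in nonce, ciphertext, tag or aad is an error.
func Open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	alice, _ := NewParty()
	bob, _ := NewParty()
	kA, _ := alice.SharedKey(bob.PublicBytes())
	kB, _ := bob.SharedKey(alice.PublicBytes())
	fmt.Printf("both sides derived the same key: %v\n", hmac.Equal(kA, kB))

	aad := []byte("msg-id:42") // constructed sample header
	sealed, _ := Seal(kA, []byte("transfer 100 EUR"), aad)
	pt, err := Open(kB, sealed, aad)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)

	sealed[len(sealed)-1] ^= 0x01 // tamper with the tag
	_, err = Open(kB, sealed, aad)
	fmt.Printf("tampered ciphertext rejected: %v\n", err != nil)
}
```

The key is ephemeral (one per exchange), which is what makes a random 96-bit GCM nonce acceptable here; with a long-lived key the nonce would have to be tracked so it can never repeat. Comparison of derived keys uses hmac.Equal rather than bytes.Equal so that timing does not leak which bytes matched.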
