Cryptography
Overview
This section contains recommendations for implementing and using functionality related to cryptographic operations.
The main rule of cryptography is: do not invent your own cryptography. It can definitely be hacked.
General practices
Scenario | Algorithm (base) | Algorithm (advanced) |
---|---|---|
Key exchange | Diffie-Hellman key exchange, 2048 bit | ECDH Curve25519 |
Message integrity | HMAC-SHA2, 256 bit | HMAC-SHA2, 512 bit |
Message hash | SHA2, 256 bit | SHA2, 512 bit |
Asymmetric encryption | RSA, 2048 bit, SHA-256 | ECC Curve25519 or RSA, 3072 bit, SHA-256 |
Symmetric encryption | AES, 128 bit, GCM | AES, 256 bit, GCM |
Key derivation | Argon2 or PBKDF2 | Argon2 or PBKDF2 |
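
The following is an added example, not part of the original page. It combines two entries from the table using only standard-library primitives: PBKDF2 turns a password into a 256-bit key, and HMAC-SHA2, 256 bit protects message integrity. The iteration count, salt length and the `salt || tag || message` layout are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumptions for this example (not values from the page).
PBKDF2_ITERATIONS = 600_000
SALT_LEN = 16   # bytes of random salt per message
TAG_LEN = 32    # HMAC-SHA-256 output size in bytes
KEY_LEN = 32    # 256-bit derived key


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=KEY_LEN
    )


def protect(password: str, message: bytes) -> bytes:
    """Return salt || tag || message; the tag covers the salt and the message."""
    salt = os.urandom(SALT_LEN)  # fresh random salt for every message
    key = derive_key(password, salt)
    tag = hmac.new(key, salt + message, hashlib.sha256).digest()
    return salt + tag + message


def verify(password: str, blob: bytes) -> Optional[bytes]:
    """Return the message if the tag is valid, otherwise None."""
    if len(blob) < SALT_LEN + TAG_LEN:
        return None  # too short to contain a salt and a tag
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    message = blob[SALT_LEN + TAG_LEN:]
    key = derive_key(password, salt)
    expected = hmac.new(key, salt + message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison does not
    # leak how many leading bytes of the tag matched.
    return message if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    blob = protect("correct horse", b"transfer 10")   # constructed sample input
    print(verify("correct horse", blob))               # original message
    print(verify("correct horse", blob[:-1] + b"1"))   # modified message
```
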