Gregory's ServerPassword cryptography.
Password hashing, key stretching, KDFs, and bears (oh my!)
https://soatok.blog/2022/12/29/what-we-do-in-the-etc-shadow-cryptography-with-passwords/
|
4 comments
 Cryptographic agility sucks. What to do instead: https://soatok.blog/2022/08/20/cryptographic-agility-and-superior-alternatives/ An updated comparison of elliptic curves for use in cryptography (since djb's SafeCurves is out of date): https://soatok.blog/2022/05/19/guidance-for-choosing-an-elliptic-curve-signature-algorithm-in-2022/ Don't use RSA in 2023. But if you must use RSA, please don't use RSA directly to encrypt messages: https://soatok.blog/2021/01/20/please-stop-encrypting-with-rsa-directly/ If you want to go above and beyond, here's some more things to think about: |
Why I dislike AES-GCM.
https://soatok.blog/2020/05/13/why-aes-gcm-sucks/
And one way we could make it better:
https://soatok.blog/2022/12/21/extending-the-aes-gcm-nonce-without-nightmare-fuel/