Like, I need to authenticate that a client is a known identity. What algo? How to use it? What to avoid? I need to sign a message or document. How? I need to verify said message. How? I need to store passwords. How?
I know some crypto, but discovering and learning about them is a bit of a pain. For how important crypto is, you‘d think someone would have bothered to teach developers how to choose and deploy these algorithms properly.
They'll provide you one blessed algorithm for every primitive with secure alternatives if your use-case demands them. XChaCha20-Poly1305 for encryption, EdDSA for signatures, X25519 for key exchange, BLAKE2b for a hash, Argon2i for a KDF.
I'd love to just replace it with age for all use encryption use cases, but unfortunately age doesn't do AEAD without involving a password.
It was updated a few times, I wonder if the equivalent exists for PQ?
Edit/Update: Found the PQ one @ [2], definitely check it out!
Maybe I'm mis-remembering, but perhaps the most controversial element was the regular recommendation of AES-GCM. It certainly has excellent security properties, but also a certain brittleness re: nonces.
[1] https://www.latacora.com/blog/2018/04/03/cryptographic-right... [2] https://www.latacora.com/blog/2024/07/29/crypto-right-answer...
> Latacora, 2024: You should get 100 lava lamps, point a camera to them and use the frames as seed for a PRNG.
Man, is my boss gonna be surprised what's getting requisition ordered this morning.
In this case, you're asking the wrong question.
When people say "what algo?" in such a context, the answers will be flavored as "Ed25519 vs secp256k1 vs RSA-PKCS1v1.5" when you should first be asking "what level of abstraction am I dealing with?" and "what are the constraints?"
Like, maybe "algo" isn't even a relevant concern.
If I were designing a simple token-based auth scheme today, I'd reach for PASETO. Unless I need interop with a third-party provider, who almost universally use JWTs and prevent me from having any say or choice in the matter.
With PASETO, you don't need to know, or even care, about "what algo?" You only need to consider mode, which is more of a use-case question.
But with JWTs, you not only have to care about "what algo?" your system needs to be very delicate in how it processes them. https://www.howmanydayssinceajwtalgnonevuln.com
I cannot imagine proactively writing a cheat sheet for every possible use case. You might be tempted to use AI to solve this problem on demand, but the cost of a hallucination here is pretty high.
If you find yourself regularly asking this question, I'd recommend just hiring a cryptography consultant.
I think it‘s pretty good.
With symmetric algorithms, e.g. AES, and modes of operation, is there a "best" one? Currently GCM seems to be quite popular. Is there something (an AEAD?) better? Now that the patent of OCB(3?) is expired, is it worth changing?
https://soatok.blog/2020/07/12/comparison-of-symmetric-encry...
EDIT: Actually, the parts about OPAQUE are no longer relevant because they changed the protocol before the RFC was final to not need encryption, but that was just an example of where you'd make this sort of trade-off decision, so the rest of the article is still relevant.
Committing, better performance, random nonces - let's go.
[1] https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead
teleforce•3mo ago
https://cacr.uwaterloo.ca/hac/
commandersaki•3mo ago