Are you a developer in need of some crypto? If so, you've come to the right place!
These guidelines outline:
- Cryptographic library recommendations
- Cryptographic algorithm recommendations
- Parameter recommendations
- Important implementation details
Parts of this are opinion-based, but most of the information is derived from expert recommendations alongside real-world protocols and applications designed by cryptographers and cryptography engineers.
Importantly, unlike some other guidelines online, justification is provided for why certain libraries and algorithms are preferable. This helps with learning and enables fact checking, allowing you to ultimately come to your own conclusions.
In general, boring is better: stick to well-studied constructions used the way they were designed to be used, because complexity is where catastrophic mistakes happen. For anything more complicated than the scenarios covered here, contacting a cryptography engineer is strongly recommended.
Note that some knowledge of cryptography is required to understand the terminology used in these guidelines. For learning resources, check out this and this blog post.
- General Guidance
- Cryptographic Libraries
- Symmetric Encryption
- Message Authentication Codes
- Symmetric Key Size
- Random Numbers
- Hashing
- Password Hashing/Password-Based Key Derivation
- (Non-Password-Based) Key Derivation Functions
- Key Exchange/Hybrid Encryption
- Digital Signatures
- Asymmetric Key Size
- Concluding Remarks
- Acknowledgements
If you find these guidelines helpful, please star this repository and share the link around. Doing so might just prevent someone from making a catastrophic mistake.
If you have any feedback or corrections, please contact me privately here or publicly here to help improve these guidelines. Pull requests are also welcome but please be prepared for things to be reworded.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License because it took bloody ages to write.