In the face of an ongoing stream of advice from an active security community, the struggle for software developers has long been to differentiate problems that introduce real risk to their systems from hypothetical research focused on attacks that wonʼt be feasible in the mainstream for years.
This document by Yekaterina Tsipenyuk OʼNeil from Fortify provides best-practice guidelines for using modern cryptography in software systems. These guidelines are backed up by the research of the security community and strive to align themselves with the practical tradeoffs between maximal security and acceptable paranoia.
Even though there are a number of cryptographic primitives we could discuss, the "Crypto Manifesto" is limited to the following:
- Cryptographic Hashes
- Encryption and Encoding
- Symmetric and Public Keys
- Pseudo-Random Number Generators (PRNGs).
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.