Crypto

Complete List of Ciphers

Small Crypto Lib
Breaking a Toy Hash Function
The Definitive 2019 Guide to Cryptographic Key Sizes and Algorithm Recommendations
Contains tools for solving RSA and other crypto problems in CTFs.

Steganography

Python program to hide files inside images using the Least Significant Bit (LSB) technique.
Aletheia is an open source image steganalysis tool for the detection of hidden messages in images.
Hide any data within an image file, or watermark an image with an invisible signature to detect unauthorized file copying.

Encrypted file system

Single User Encrypted Disk Key Generation:

```python
# Stored on chip
# -------------------------------------------------------------------------------------
# user1_stored_verification_salt | user1_stored_derivation_salt | user1_stored_hash |
# -------------------------------------------------------------------------------------

# Verify the password against the stored hash (verification salt),
# then derive the data key from the same password with a separate derivation salt.
user1_test_hash = HashFunction(user1_password + user1_stored_verification_salt)
if user1_test_hash == user1_stored_hash:
    data_encryption_key = HashFunction(user1_password + user1_stored_derivation_salt)
```

Multi User Encrypted Disk Key Generation:

```python
# Stored on chip
# -----------------------------------------------------------------------------------------------------------------------------------
# user1_stored_verification_salt | user1_stored_derivation_salt | user1_stored_verification_hash | user1_stored_key_encryption_key |
# -----------------------------------------------------------------------------------------------------------------------------------
# user2_stored_verification_salt | user2_stored_derivation_salt | user2_stored_verification_hash | user2_stored_key_encryption_key |
# -----------------------------------------------------------------------------------------------------------------------------------
# stored_encrypted_disk_encryption_key |
# ---------------------------------------

# 1. Verify user1's password with the verification salt.
user1_test_hash = HashFunction(user1_password + user1_stored_verification_salt)
if user1_test_hash == user1_stored_verification_hash:
    # 2. Derive user1's key-encryption key (KEK) with the separate derivation salt.
    user1_symmetric_key_encryption_key = HashFunction(user1_password + user1_stored_derivation_salt)
    # 3. Unwrap the shared key stored for user1 (encrypted under user1's KEK).
    decrypted_shared_key = DecryptionFunction(key=user1_symmetric_key_encryption_key,
                                              input=user1_stored_key_encryption_key)
    # 4. Unwrap the disk encryption key, which is stored encrypted under the shared key.
    data_encryption_key = DecryptionFunction(key=decrypted_shared_key,
                                             input=stored_encrypted_disk_encryption_key)
```

AEAD

Authenticated Encryption with Additional Data (AEAD)
https://en.wikipedia.org/wiki/Authenticated_encryption

Encrypt-then-MAC (EtM)
- MAC the encrypted data
- Best Option

Encrypt-and-MAC (E&M)
- Encrypt the plaintext and append a MAC computed over the plaintext

MAC-then-Encrypt (MtE)
- Vulnerable to padding oracle attacks

Use [AES-GCM](/Crypto/Symmetric Encryption/Block Ciphers/GCM.md), [XSalsa20](/Crypto/Symmetric Encryption/Salsa_ChaCha#extended-iv-chacha-xchacha)-Poly1305 or AES in [CTR](/Crypto/Symmetric Encryption/Block Ciphers/CTR) mode with a polynomial MAC.

Avoid:
AES-[CBC](/Crypto/Symmetric Encryption/Block Ciphers/CBC), AES-[CTR](/Crypto/Symmetric Encryption/Block Ciphers/CTR) by itself, block ciphers with 64-bit blocks — most especially [Blowfish](/Crypto/Symmetric Encryption/Blowfish), which is inexplicably popular, [OFB](/Crypto/Symmetric Encryption/Block Ciphers/OFB) mode. Don’t ever use [RC4](/Crypto/Symmetric Encryption/RC4), which is comically broken.
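An added example, not part of these notes, that ties the multi-user disk key scheme from the "Encrypted file system" section to the Encrypt-then-MAC rule above: the per-user stored fields, a password-derived KEK, and a key wrap that MACs the ciphertext and verifies the tag before decrypting. The KDF is stdlib scrypt and the wrap is a hand-rolled SHA-256 keystream plus HMAC, both chosen only so the code runs with no dependencies; in practice Argon2id and AES-GCM (as recommended on this page) would take their places.

```python
import hashlib
import hmac
import os

def kdf(password: bytes, salt: bytes) -> bytes:
    """Password KDF (stdlib scrypt; the page prefers Argon2id when available)."""
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)

def _subkeys(kek: bytes):
    """Separate encryption and MAC keys from one KEK (never reuse one key for both)."""
    return (hmac.new(kek, b"enc", "sha256").digest(),
            hmac.new(kek, b"mac", "sha256").digest())

def wrap(kek: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC key wrap: XOR a 32-byte key with a nonce-bound keystream, then HMAC."""
    enc_key, mac_key = _subkeys(kek)
    nonce = os.urandom(16)
    stream = hashlib.sha256(enc_key + nonce).digest()   # one 32-byte block covers a 32-byte key
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the MAC over nonce||ciphertext first; only then decrypt."""
    enc_key, mac_key = _subkeys(kek)
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key blob authentication failed")
    stream = hashlib.sha256(enc_key + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def create_vault(passwords: dict) -> dict:
    """Enrol users: per-user salts, verification hash, and the shared key wrapped under their KEK."""
    shared_key, disk_key = os.urandom(32), os.urandom(32)
    users = {}
    for name, pw in passwords.items():
        vsalt, dsalt = os.urandom(16), os.urandom(16)   # distinct salts for verify vs. derive
        users[name] = {"verification_salt": vsalt, "derivation_salt": dsalt,
                       "verification_hash": kdf(pw, vsalt),
                       "wrapped_shared_key": wrap(kdf(pw, dsalt), shared_key)}
    return {"users": users, "encrypted_disk_key": wrap(shared_key, disk_key)}

def unlock(vault: dict, name: str, password: bytes) -> bytes:
    """Recover the disk key for one user, mirroring the stored-on-chip layout above."""
    u = vault["users"][name]
    if not hmac.compare_digest(kdf(password, u["verification_salt"]), u["verification_hash"]):
        raise ValueError("wrong password")
    kek = kdf(password, u["derivation_salt"])
    shared_key = unwrap(kek, u["wrapped_shared_key"])
    return unwrap(shared_key, vault["encrypted_disk_key"])
```

Every user unwraps the same disk key, and a wrong password fails at the verification hash before any key material is touched.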

Symmetric key length

  • 256 bit keys.

Symmetric “Signatures”

Avoid:
custom “keyed hash” constructions, HMAC-[MD5](/Crypto/Hash Functions/MD5), HMAC-[SHA1](/Crypto/Hash Functions/SHA1), complex polynomial MACs, encrypted hashes, CRC.

Hashing algorithm

  • Use SHA-512/256

Avoid:
[SHA-1](/Crypto/Hash Functions/SHA1), [MD5](/Crypto/Hash Functions/MD5), MD6.

Random IDs

  • Use 256-bit random numbers. From /dev/urandom.

Avoid:
userspace random number generators, the OpenSSL RNG, haveged, prngd, egd, /dev/random.

Password handling

In order of preference, use [Argon2id](/Crypto/Key Derivation/Argon2#argon2id), [Scrypt](/Crypto/Key Derivation/Scrypt), [bcrypt](/Crypto/Hash Functions/BCrypt), and then, if nothing else is available, [PBKDF2](/Crypto/Key Derivation/PBKDF2).

Avoid:
[SHA-3](/Crypto/Hash Functions/SHA3), naked [SHA-2](/Crypto/Hash Functions/SHA2), [SHA-1](/Crypto/Hash Functions/SHA1), [MD5](/Crypto/Hash Functions/MD5).

Asymmetric encryption

  • Use Nacl/libsodium (box / crypto_box). [Curve25519](/Crypto/Asymmetric Encryption/Curves/Montgomery Curves#curve25519)
  • Don’t use RSA.

Avoid: Systems designed after 2015 that use [RSA](/Crypto/Asymmetric Encryption/RSA), RSA-PKCS1v15, [ElGamal](/Crypto/Asymmetric Encryption/ElGamal), I don’t know, Merkle-Hellman knapsacks? Just avoid RSA.

ECC vs RSA

Here are several reasons you should stop using RSA and switch to elliptic curve:

- RSA (and DH) drag you towards “backwards compatibility” (i.e. downgrade-attack compatibility) with insecure systems.
- RSA begs implementors to encrypt directly with its public key primitive, which is usually not what you want to do.
- RSA has too many knobs. In modern curve systems, like [Curve25519](/Crypto/Asymmetric Encryption/Curves/Montgomery Curves#curve25519), everything is pre-set for security.

Asymmetric signatures

  • Use Nacl or [Curve25519](/Crypto/Asymmetric Encryption/Curves/Montgomery Curves#curve25519).

Avoid:
RSA-PKCS1v15, RSA, ECDSA, DSA; really, especially avoid conventional DSA and ECDSA.

Diffie-Hellman

  • Probably nothing. Or use [Curve25519](/Crypto/Asymmetric Encryption/Curves/Montgomery Curves#curve25519).

Avoid:
conventional [DH](/Crypto/Key Exchange/Diffie-Hellman), [SRP](/Crypto/Key Exchange/Authenticated Key Exchange/Secure Remote Password Protocol), [J-PAKE](/Crypto/Key Exchange/Authenticated Key Exchange/JPAKE), handshakes and negotiation, elaborate key negotiation schemes that only use block ciphers, srand(time()).

Website security

  • Use AWS ALB/ELB or OpenSSL, with LetsEncrypt

Avoid:
offbeat TLS libraries like PolarSSL, GnuTLS, and MatrixSSL.

Client-server application security

  • Use AWS ALB/ELB or OpenSSL, with LetsEncrypt

Online backups

  • Tarsnap