by Cyph0n 3512 days ago
* Never said AES ECB was an alternative to DES.

* I would never use 3DES.

* I am aware of that, just TLDRing. SHA-256 is my cup of tea.

* Did I say they were a MAC? I would use CBC HMAC + SHA-256 for that.

* No idea, since I'm not an expert at AES.

I feel like you're offended that I didn't like the article. It's just an opinion, don't take it personally.

2 comments

> * Never said AES ECB was an alternative to DES.

> AES CBC instead of ECB or (gasp) Triple DES

What? This entire vein of conversation is nothing but miscommunication.

These are two choices a developer should use:

  * crypto_secretbox() and crypto_secretbox_open()
    from NaCl or libsodium
  * rm -rf code/ && shutdown

Yes, a privileged few are actually capable of cobbling together a secure cryptosystem out of AES, HMAC, SHA2-family hash functions, and maybe Ed25519 and X25519 if they have a sane implementation available. The general public should just use whatever AEAD mode they're provided and not build their own disaster.

> * I would never use 3DES.

Good.

> * I am aware of that, just TLDRing. SHA-256 is my cup of tea.

SHA-384 is mine.

https://blog.skullsecurity.org/2012/everything-you-need-to-k...

Except for passwords. You don't use simple hash functions for passwords.

> * Did I say they were a MAC? I would use CBC HMAC + SHA-256 for that.

I'm assuming you meant AES-CBC + HMAC-SHA-256 here, in an encrypt-then-authenticate mode.

By "assuming" I of course meant "hoping".

> * No idea, since I'm not an expert at AES.

AES expertise isn't the issue here. Composing a secure cryptography protocol out of standard implementations is a rare skill set among software engineers.
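
An added example, not part of the thread: what "AES-CBC + HMAC-SHA-256 in an encrypt-then-authenticate mode" looks like with Node's built-in `crypto` module, with the tag checked in constant time before any decryption. The function names `seal`/`open`/`demo`, the `IV || ciphertext || tag` layout and the two independent 32-byte keys are assumptions made for this illustration.

```javascript
const crypto = require('node:crypto');

const IV_LEN = 16, TAG_LEN = 32;

// HMAC-SHA-256 over IV || ciphertext, so the IV is authenticated too.
function tag(macKey, ivAndCiphertext) {
  return crypto.createHmac('sha256', macKey).update(ivAndCiphertext).digest();
}

// Returns IV || AES-256-CBC ciphertext || tag. encKey and macKey are independent keys.
function seal(encKey, macKey, plaintext) {
  const iv = crypto.randomBytes(IV_LEN); // fresh random IV for every message
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([iv, cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([body, tag(macKey, body)]);
}

// Verifies the tag BEFORE decrypting. Every failure yields the same generic error,
// so a modified message never reaches the CBC padding check.
function open(encKey, macKey, message) {
  const split = message.length - TAG_LEN;
  const okLength = split >= 2 * IV_LEN && (split - IV_LEN) % 16 === 0;
  if (!okLength ||
      !crypto.timingSafeEqual(message.subarray(split), tag(macKey, message.subarray(0, split)))) {
    throw new Error('authentication failed');
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, message.subarray(0, IV_LEN));
  return Buffer.concat([decipher.update(message.subarray(IV_LEN, split)), decipher.final()]);
}

// Constructed demo: random keys, a round trip, then one ciphertext bit changed in transit.
function demo() {
  const encKey = crypto.randomBytes(32), macKey = crypto.randomBytes(32);
  const sealed = seal(encKey, macKey, Buffer.from('constructed sample message'));
  const roundTrip = open(encKey, macKey, sealed).toString();
  const modified = Buffer.from(sealed); // copy, then flip a bit in the first ciphertext block
  modified[IV_LEN] ^= 0x01;
  let rejected = false;
  try {
    open(encKey, macKey, modified);
  } catch (e) {
    rejected = e.message === 'authentication failed';
  }
  return { roundTrip, rejected };
}

console.log(demo());
```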

And I thought I couldn't have gotten a worse response! Good job :)

I'm not offended that you didn't like the article. I'm saying you failed to summarize it. I'm pretty sure I know what the point of this particular article was. :)

OK, fair enough.