| > * Never said AES ECB was an alternative to DES. > AES CBC instead of ECB or (gasp) Triple DES What? This entire vein of conversation is nothing but miscommunication. These are two choices a developer should use: * crypto_secretbox() and crypto_secretbox_open()
from NaCl or libsodium
* rm -rf code/ && shutdown
Yes, a privileged few are actually capable of cobbling together a secure cryptosystem out of AES, HMAC, SHA2-family hash functions, and maybe Ed25519 and X25519 if they have a sane implementation available. The general public should just use whatever AEAD mode they're provided and not build their own disaster.> * I would never use 3DES. Good. > * I am aware of that, just TLDRing. SHA-256 is my cup of tea. SHA-384 is mine. https://blog.skullsecurity.org/2012/everything-you-need-to-k... Except for passwords. You don't use simple hash functions for passwords. > * Did I say they were a MAC? I would use CBC HMAC + SHA-256 for that. I'm assuming you meant AES-CBC + HMAC-SHA-256 here, in an encrypt-then-authenticate mode. By "assuming" I of course meant "hoping". > * No idea, since I'm not an expert at AES. AES expertise isn't the issue here. Composing a secure cryptography protocol out of standard implementations is a rare skill set among software engineers. |