
As a rule of thumb, pay attention to crypto parameters and cipher 'suites'. Use the highest SHA, use seven word diceware phrases for the password, ensure the latest TLS version is used, use a reputable & robust RNG, etc



SHA2 is fine. The "reputable" RNG comes with your OS; just use getrandom.


If you don't know what you're doing SHA-512/256 (note that's not a choice, that's the name of a single SHA-2 family member) is probably the member of the SHA-2 family to choose.


I go the other way and tell people to ignore KMAC and just use HMAC for everything, and then you don't really need to know about truncated SHA2.


Fair, I have no experience with which approach is more likely to prevent naive users from blowing their own feet off in practice.


My feeling is that, like in 2001, it would have been valuable to get people to switch to a non-extendable hash by default because people were freelancing their own MACs, but sometime in the intervening 2 decades people switched fully over to HMAC, so that if you're dealing with someone who is literally writing their own prefixed-key hash MAC, you've got bigger problems than Merkle-Damgård.
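The advice in the last two comments (use HMAC rather than a hand-rolled prefixed-key hash, take randomness from the OS) in working form. This is an added example, not code from the thread; the function names and the RFC 4231 test vector used to check it are my own choices.

```python
import hashlib
import hmac
import os


def generate_key(length: int = 32) -> bytes:
    """Fresh MAC key from the OS CSPRNG.

    os.urandom() is backed by getrandom(2) on Linux and the equivalent
    on other platforms, which is the 'reputable RNG' the thread refers to.
    """
    return os.urandom(length)


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over message.

    HMAC wraps the hash in an inner and outer keyed call, so the tag is
    not a plain Merkle-Damgard chaining value and cannot be extended.
    With this construction there is no need to reach for a truncated
    SHA-2 variant just to avoid length extension.
    """
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time.

    hmac.compare_digest avoids the early-exit timing leak of '==' on bytes.
    """
    expected = mac(key, message)
    return hmac.compare_digest(expected, tag)


def naive_prefix_mac(key: bytes, message: bytes) -> bytes:
    """The 'prefixed key hash MAC' the thread warns against: SHA256(key || message).

    Shown only as the pattern to recognise and replace with mac() above;
    because the output is the raw chaining state, it is extendable.
    """
    return hashlib.sha256(key + message).digest()


if __name__ == "__main__":
    # Constructed sample message; the key is fresh on every run.
    k = generate_key()
    msg = b"transfer 10 units to account 42"
    t = mac(k, msg)
    print("tag:", t.hex())
    print("verify(original):", verify(k, msg, t))
    print("verify(tampered):", verify(k, msg + b"0", t))
```

The `naive_prefix_mac` function is there only so the weak shape is recognisable in code review; anything that looks like it should be replaced with the `mac`/`verify` pair.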



