For instance in a java application, what would be our recommended algorithm to securely cipher confidential information?
hey you @hermit-purple
I would say that everything depends on the implementation you configure; the main point is to know that the cryptographic method you chose should keep you safe.
There are certain rules though:
- First, make sure there aren't already known vulnerabilities or ways to break the security of the algorithm you selected.
- Don't build your own cryptographic functions or protocols because it could lead you to security breaches. You can find more information here: https://fluidattacks.com/web/rules/147/
- Make sure to set a secure key size and hash size; those recommended are:
  - 128 bits for symmetric: https://fluidattacks.com/web/rules/149/
  - 2048 bits for asymmetric: https://fluidattacks.com/web/rules/148/
  - 256 bits for hash functions: https://fluidattacks.com/web/rules/148/
- Use a secure random function to generate the iv and salt values
- Implement a method to perform integrity checking.
- Keep your keys secure, don't leave them in your code in plaintext, and set a timeout for them.
- Do not use the same key to encrypt and to sign.