Also, I gave the link to the appendix because there was a specific question abou... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rubendev 3 months ago \| parent \| context \| favorite \| on: Evaluating Argon2 adoption and effectiveness in re... Also, I gave the link to the appendix because there was a specific question about Argon2 parameters. For general developer audiences, they need to look at the standard itself which is a lot more high level about how to properly implement cryptography in software: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x20-V11-Cr... For the most common use-cases of cryptography like authentication and secure communication there is more specific, but still high level guidance that is useful for developers as well: - https://github.com/OWASP/ASVS/blob/master/5.0/en/0x21-V12-Se... - https://github.com/OWASP/ASVS/blob/master/5.0/en/0x18-V9-Sel... - https://github.com/OWASP/ASVS/blob/master/5.0/en/0x15-V6-Aut...

tptacek 3 months ago [–]

This standard is bad. People should avoid it. For example: 11.2.2 (cryptographic agility) is an anti-pattern in modern cryptographic engineering.

rubendev 3 months ago | [–]

Please elaborate why you believe that? The ability to easily rotate encryption keys is considered an anti pattern?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact