What’s Next?
Cryptography is very difficult to get right. Don’t write your own, and don’t use low-level libraries either. Instead, use high-level libraries that have a degree of misuse-resistance. Use NaCl,[97] libsodium,[98] or Tink[99] for encryption at rest. Use TLS 1.3 (or TLS 1.2 if you have legacy constraints) in a configuration that gets an A from SSL Labs[100] for data in transit. Use scrypt,[101] bcrypt,[102] PBKDF2,[103] or Argon2[104] for password hashing.
Next up, we’ll take a look at some best practices relating to Windows. In particular, we’ll take a look at the way that Windows handles password hashing.
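As an added illustration (not code from the book), the password-hashing advice above using one of the listed functions, PBKDF2, from Python's standard library: a random per-user salt, a stored work factor so it can be raised later, and a constant-time comparison on verification. The iteration count and the storage format are choices made for this example.

```python
import base64
import hashlib
import hmac
import os

# Work factor chosen for this example; raise it as hardware gets faster.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2-sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.

    Storing the parameters next to the digest lets verification and
    later upgrades work without a separate lookup table.
    """
    salt = os.urandom(SALT_BYTES)  # fresh salt per password, never reused
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # malformed record: treat as a failed login, not a crash
    if algo != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest avoids leaking where the digests first differ.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True if the record was made with a weaker work factor than we want now."""
    try:
        algo, iters, _salt, _digest = stored.split("$")
        return algo != ALGORITHM or int(iters) < iterations
    except ValueError:
        return True
```

On a successful login, call needs_rehash and, if it returns True, store hash_password(password) so old records are upgraded transparently.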