Skip to main content

Mortal sins of crypto

Must Do

If you have data in flight, use TLS (what used to be SSL)
If you have data at rest, use PGP.

Must Not Do

MAC-then-Encrypt: you leave yourself open to attacks against your crypto implementation.
Use hashes instead of MACs: you neable hash extension attacks.
Reuse key-IV or key-nonce pairs: you open yourself up to a multitude of issues.
Ever Use ECB: there's never a good use case for ECB.

Must Do
Must Not Do