Ask HN: Current Crypto Best Practices

[+] jjperezaguinaga|9 years ago|reply

If you come from a computer science/math background, and want an intro to cryptography in general, I can strongly recommend the Coursera course from Stanford University by professor Dan Boneh - https://www.coursera.org/learn/crypto. To really understand the implementations of security libraries and tools, one should be at least familiar with the fundamentals and terminology of crypto. Otherwise you are blindly encrypting things without being aware of whether you are actually securing things.

The course is free and takes 6 weeks long, and is very interesting if you had never dwelled too deep into security or crypto. There's also a new cryptography class that will be available in September of 2017 - https://www.coursera.org/learn/crypto2.

[+] hueving|9 years ago|reply

TBH this doesn't really give you anything about best practices though. It's a bunch of base theory without anything about timing analysis, etc. It's nice to know information but I don't think it makes you a better 'secure' programmer.

[+] qjighap|9 years ago|reply

I loved the first crypto course.

I have been enrolled in the crypto2 class for several years now. I hope they finally offer the course, but I have low hopes.

[+] mlaretallack|9 years ago|reply

Cryptographic Right Answers is a good place to start

https://gist.github.com/TheZ3ro/fb521a3cde0c91fcb350

[+] baby|9 years ago|reply

The original from tqbf: https://gist.github.com/tqbf/be58d2d39690c3b366ad

It's definitely completely relevant today. Find out what you want to do and check that list.

A few things I would update:

* password handling -> Scrypt or Argon2

* Client-server application security -> TLS or Noise

* Hashing/HMAC algorithm -> Blake2/prefix-MAC or KangarooTwelve/KMAC

* Fingerprint -> TupleHash

* key derivation -> HKDF or SHAKE or BLAKE2X

And of course for each of these items, if a NaCL/libsodium solution already exist, just use it.

[+] cvwright|9 years ago|reply

I'm surprised to see so few recommendations for libsodium. https://download.libsodium.org/doc/

For pretty much any crypto task that a "run-of-the-mill programmer" is likely to run into, they've got you covered.

Secret key encryption: https://download.libsodium.org/doc/secret-key_cryptography/a...

Password hashing: https://download.libsodium.org/doc/password_hashing/

[+] bsder|9 years ago|reply

I would go for TweetNaCl instead.

The problem I have with most of the crypto libraries is that their attack surface is absolutely enormous.

Most people don't need SSL. Most people don't need a zillion choices.

Most people need a single choice that actually works and is resistant to programmer error.

[+] garrettr_|9 years ago|reply

Cryptography Engineering [0] is a great book that covers key topics in cryptography with a focus on best practices for implementors and system/protocol designers.

Matthew Green's blog, A Few Thoughts on Cryptographic Engineering [1], has a wealth of interesting posts that are often aimed at explaining cryptography to a "technical but non-cryptographer" audience, and tend to be motivated by recent events in security/cryptography news.

[0]: https://www.amazon.com/Cryptography-Engineering-Principles-P... [1]: https://blog.cryptographyengineering.com/

[+] lucb1e|9 years ago|reply

The IT Security StackExchange website contains lots of information which is generally kept reasonably up to date. For example a TLS answer might be a bit old and not list last week's attack, but if something turns incorrect it will often be edited.

https://security.stackexchange.com

[+] Tepix|9 years ago|reply

OWASP has some nice guidelines on a lot of topics, including storing passwords.

Start at https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

[+] tptacek|9 years ago|reply

OWASP's cryptography advice is almost invariably awful, and that password storage thing is among the worst of it. It's better now than it was when it recommended against password hashes (note that it still recommends "cryptographically strong salts") but remains factually incorrect in more than one place, including the notion that PBKDF2 is better than bcrypt (the opposite is true).

[+] spydum|9 years ago|reply

Agree with this, except I often find OWASP hard to navigate or know what's still relevant. Plenty of old projects linger about. They try to flag projects but still troubling.

[+] tptacek|9 years ago|reply

The answers for this depend on what you're trying to do. Can you be more specific? Coda's password storage advice is still the best advice for people who don't know what they'd do otherwise.

[+] lothiraldan|9 years ago|reply

I'm currently building a community website for these kind of questions (storing password, constant-time token comparison), the design is pretty raw for the moment: https://sqreen.github.io/DevelopersSecurityBestPractices/saf...

The code examples are in Python, but I plan to add pages in other languages.

[+] mistat|9 years ago|reply

The golden rule about storing a password is to not store a password... I can't wait till SQRL takes off

[+] mataug|9 years ago|reply

It won't. See http://security.blogoverflow.com/2013/10/debunking-sqrl/ for a myriad of reasons.

I've also come to realize that one should take everything that SG says with a large table spoon of salt.

[+] pryelluw|9 years ago|reply

For reference: https://www.grc.com/sqrl/sqrl.htm

[+] tlrobinson|9 years ago|reply

Is that at all likely? Looks like SQRL was published in 2013... and this is the first I've heard of it.

[+] yeukhon|9 years ago|reply

I argue that one-time password with a secure MFA implementation is essentially the best viable solution.

[+] cshep|9 years ago|reply

Dan Boneh's Coursera course is ideal for any beginner. Cryptography Engineering by Schneier et al. is good, as is Ross Anderson's Security Engineering, but both are fairly dated.

The OWASP guidance is OK for a quick access to best practices, but insufficient for rigorous learning.

Cryptography takes time to digest the fundamentals and recognise how new concepts are both beneficial and, vitally, disadvantageous; sadly, there is no cheat sheet or quick fix.

Source: computer security PhD student.

[+] unknown|9 years ago|reply

[deleted]

[+] yeukhon|9 years ago|reply

Quick sites:

* PyCon Crypto 101 - https://www.crypto101.io/ (and if you use Python, please use Cryptography library for encryption/decryption please, Python built-in provides sha and hmac already though, and please adopt your framework's security implementation whenever possible).

* Mozilla Web Security Guidelines - https://wiki.mozilla.org/Security/Guidelines/Web_Security

* Mozilla Secure Coding Guideline - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines

* Mozilla Server Side TLS - https://wiki.mozilla.org/Security/Server_Side_TLS

* Mozilla Intro to Cryptography (slide: https://april.github.io/crypto-presentation video: https://www.youtube.com/watch?v=bg32spD2mB0)

* Mozilla Web wiki - https://developer.mozilla.org/en-US/docs/Web (understand CORS, Cookies, CSP, etc)

* Google's course on security - https://google-gruyere.appspot.com/ (original course page has been taken down by Google already)

Book recommendations:

* The Web Application Hacker's Handbook

* The Tangled Web: A Guide to Securing Modern Web Applications (written by the famous Michał Zalewski working at Google, and lately known for developing the American Fuzzy Loop AFL which has been used for uncovering many new CVE bugs).

* Hacking: The Next Generation

* Securing DevOps (to be released soon)

Publications:

* USENIX - https://www.usenix.org/ (tons of free high quality conference talks, I like USENIX over ACM)

* Real World Crypto

Getting real

* Go find bug bounty program out there, many well-written posts how one discovered bugs

* Follow a bunch of security engineers / security-minded folks on Twitter (e.g. @matthew_d_green would be a good start)

OWASP is a great reference, you read it as an index page. But like others have pointed out, the Wiki is often outdated, but concepts almost always remain the same. Use multiple resources before implementing a solution, and never just copy and paste solution posted by others on Stackoverflow. Sorry for so many Mozilla stuff definitely there's some bias from me but I trust folks running the sec team there.

[+] zitterbewegung|9 years ago|reply

A good guide for password hashing is https://paragonie.com/blog/2016/02/how-safely-store-password... . I think your codehale link is out of date since it's from 2010.

[+] elithrar|9 years ago|reply

Not bad, but I found this questionable:

> The other Password Hashing Competition finalists (Catena, Lyra2, Makwa, and yescrypt)

These were promoted above PBKDF2; algorithms with few implementations. PBKDF2-HMAC-SHA-512 with sufficient iterations is typically robust, and has been scrutinized.

I personally prefer scrypt, but in lieu of a solid scrypt or bcrypt lib I wouldn't hesitate to lean on PBKDF2 over the others.

Argon2i was in the same boat but being in libsodium went a long way to reinforcing trust, although Argon2i and Argon2d should really have had distinct names.

[+] jeremymcanally|9 years ago|reply

I made this a while ago: http://howtostoreapassword.com. Still relevant I think. :)

I should probably update it to use one of the more modern algos, but the availability of good bcrypt libraries makes it solid advice still.

[+] wooshy|9 years ago|reply

That was pretty comical. I don't know if it is just my connection but it seems to take a pretty long time to load a page with a relatively small amount of content.

[+] alinajaf|9 years ago|reply

Not necessarily best practices, but I recommend the Matasano Crypto Challenges to basically everyone. I make all of the developers on our team do them too:

http://cryptopals.com

[+] deckar01|9 years ago|reply

Those challenges teach vulnerabilities in old, low level cryptographic primitives. As much as I enjoyed those challenges, they are not a good place to start for a developer trying to build a secure application.

[+] bsder|9 years ago|reply

So, what's the recommendation for an Authenticated Key Exchange?

I see a lot of "don't use" but I don't see any "do use" for that case.

[+] jasdeepsingh|9 years ago|reply

May be on a tangent and a shameless plug, but I just posted https://news.ycombinator.com/item?id=14042150 this morning.

Underlock is a small Ruby library that helps with Encrypting/Decrypting of files and other data.

[+] tptacek|9 years ago|reply

Unfortunately, I think libsodium remains a categorically better answer for this problem.

[+] SAEIDBARAN1368|9 years ago|reply

[deleted]

[+] nommm-nommm|9 years ago|reply

OWASP (non-profit)

https://www.owasp.org/

NIST (government)

https://www.nist.gov/publications/

[+] MaxfordAndSons|9 years ago|reply

FYI I think you're getting downvoted because NIST is known to have recommended a pseudo-random number generation algorithm that is believed to have been intentionally designed with a backdoor [1], presumably by some US 3 letter agency.

OWASP seems like a decent source for learning about security topics at a high level (particularly web app security).

[1]http://dualec.org/

68 comments