Skip to content

cryptography

Password hashing (and key derivation)

Password Based Key Derivation Function (aka pbkdf2) applies a hash function (HMAC) to password + salt and repeats i times to produce a key of n length. NIST recommands 128 bit for salt and i 120 000 if HMAC is SHA3-512. It is ASICs attacks prone.

scrypt is newer and less prone to ASICs (it requires more RAM) and GPU attacks

argon2 might be best, argon2id sums argon2d and argon2i advantages.

libs:
pbkdf2 js

links:
Nakov's cryptobook

25519 curves

nacl.box uses Montgomery 25519 curve whereas nacl.sign uses Edwards 25519 (aka ed25519) curve.

ed25519 explanations

signing

post-quantum

In AUG24, NIST releases its final choices regarding post-quantum cyphers. See FIPS 203/204/205.
NIST FIPS

microsoft

# convert to .pfx format
$ openssl pkcs12 -export -in <certfile> -inkey <private.key> -out cert.pfx