Post by Polaris Seltzeris on Dec 7, 2016 8:37:34 GMT
Honestly surprised I didn't make a thread like this awhile ago, but curious on what these forum's favorite crypto/hash types are.
For symmetric algorithms, AES is the most used and most secure cryptographic algorithm, while Blowfish is another popular alternative but I don't really see how it's better than AES.
As for asymmetric algorithms, RSA is the most used but I can't say it's the most secure due to rumors of the NSA breaking it. PGP also has some security flaws but it's also pretty widely used.
If you're confused, symmetric cryptographic algorithms only have a key and the encrypted message, so you can't decrypt the message unless you have the key. As for asymmetric algorithms, you get the public key and the encrypted message, but there is also a private key you must have to decrypt the message.
Hashes are a completely different subject though because they don't have a key, which is why they're used to 'hash' passwords. Arguably the most secure thing you can do to hash passwords right now is use 100,000 rounds of SHA3-512 on all passwords, although bcrypt is still the default hash in PHP which is really dumb considering every day bcrypt gets more and more easy to crack (afaik now it only takes a few days on an OVH VPS to crack a bunch of bcrypt hashed passwords), but luckily people are switching from PHP to Java or Python (django!) web frameworks.
For symmetric algorithms, AES is the most used and most secure cryptographic algorithm, while Blowfish is another popular alternative but I don't really see how it's better than AES.
As for asymmetric algorithms, RSA is the most used but I can't say it's the most secure due to rumors of the NSA breaking it. PGP also has some security flaws but it's also pretty widely used.
If you're confused, symmetric cryptographic algorithms only have a key and the encrypted message, so you can't decrypt the message unless you have the key. As for asymmetric algorithms, you get the public key and the encrypted message, but there is also a private key you must have to decrypt the message.
Hashes are a completely different subject though because they don't have a key, which is why they're used to 'hash' passwords. Arguably the most secure thing you can do to hash passwords right now is use 100,000 rounds of SHA3-512 on all passwords, although bcrypt is still the default hash in PHP which is really dumb considering every day bcrypt gets more and more easy to crack (afaik now it only takes a few days on an OVH VPS to crack a bunch of bcrypt hashed passwords), but luckily people are switching from PHP to Java or Python (django!) web frameworks.
