This cheatsheet aims to promote best practices when implementing cryptography to protect sensitive data.
Rule #1 - Don't roll your own crypto
Firstly, do not attempt to come up with your own cryptographic algorithm. Many cryptographers have spent many hours coming up with the standard algorithms available today. In addition, these algorithms have been vetted by several professional cryptographers.
Secondly, use existing popular cryptographic libraries and frameworks where possible. Cryptography is complex and it is all too easy to get it wrong. Instead, rely on something that many people and organizations have vetted and reviewed.
Rule #2 - Keep the encryption key secret
Most of the security of any encryption algorithm depends on the encryption key being kept secret. If an attacker is able to obtain the encryption key, they will almost certainly be able to decrypt the data. Keeping the key secret includes:
- Don't hard code encryption keys
- Ensure encryption keys are sufficiently random and unique (not easy to guess or brute force)
- Make the encryption key as long as possible
- Limit access to the encryption key to only those who need it (this includes system/OS users)
Rule #3 - Don't use obfuscation as a means of protection
Several people rely upon obfuscation as a means of further protecting their encryption methodology. All this does is complicate things further, resulting in the potential for more things to go wrong and thus introduce further potential security holes. If you are using a strong, well-known encryption algorithm along with a strong, well-protected private key, this is all the protection you would ever need, and obfuscation will not provide any additional protection. All obfuscation does against an attacker is potentially slow them down a bit.
Rule #4 - Use strong entropy
When using cipher algorithms which make use of an Initialization Vector (IV) or salt, ensure that the value is unique and has been generated using strong entropy, thus making it securely random.
Rule #5 - Don't use encryption ciphers for user passwords
Unless there is an explicit need to obtain the plaintext password for a user, do not use encryption ciphers (cipher algorithms where you can obtain the plaintext value from the appropriate encryption key(s)). You should instead be using a suitable hashing algorithm. This means that if an attacker is able to obtain the hash value, they cannot feasibly obtain the plaintext value used to generate that hash value.