We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Don’t Throw Away the Key: What Developers Should Know about Encryption - Liz Moy - NDC TechTown 2023
Learn the essentials of encryption for developers, including choosing the right algorithms, managing keys, and considering post-quantum cryptography, to ensure maximum security and compliance.
- Don’t roll your own encryption, use established libraries and cryptographic algorithms instead.
- AES is widely used, but when choosing an encryption algorithm, consider factors like key size, block size, and mode.
- Symmetric and asymmetric encryption have different use cases, and key management is crucial for each.
- Use a hybrid approach combining symmetric and asymmetric encryption for maximum security.
- Consider using file-level and field-level encryption, as well as full-disk encryption for sensitive data.
- Pay attention to compliance and regulation requirements, and ensure encryption meets them.
- Post-quantum cryptography is important to consider, as quantum computers will eventually compromise current encryption methods.
- Key storage and management are critical, and storing keys securely is essential.
- Use established libraries and cryptographic algorithms, and avoid “reinventing the wheel” when it comes to encryption.
- Hashing algorithms like MD5 and SHA1 are not suitable for encryption, and should only be used for digital signatures.
- Node.js and Python have built-in cryptographic libraries, and Rust has several options as well.
- Consider using Cloudflare’s libraries for symmetric encryption, and OpenSSL for asymmetric encryption.
- Educate yourself on cryptography and stay up-to-date with developments in the field.