
This account is a replica from Hacker News.

Also, I gave the link to the appendix because there was a specific question about Argon2 parameters. For general developer audiences, they need to look at the standard itself, which is a lot more high-level about how to properly implement cryptography in software:
https://github.com/OWASP/ASVS/blob/master/5.0/en/0x20-V11-Cr...

For the most common use cases of cryptography, like authentication and secure communication, there is more specific but still high-level guidance that is useful for developers as well:

- https://github.com/OWASP/ASVS/blob/master/5.0/en/0x21-V12-Se...

- https://github.com/OWASP/ASVS/blob/master/5.0/en/0x18-V9-Sel...

- https://github.com/OWASP/ASVS/blob/master/5.0/en/0x15-V6-Aut...

Which one would you recommend instead? Referring dev teams to NIST standards or the like doesn’t work well in my experience.

Yes, it’s an audit checklist for when you need to know specifically what to use and with which parameters.

It’s unfortunate if there are mistakes in there. The people at OWASP would be very happy to receive feedback on their GitHub, I’m sure.

The OWASP ASVS appendix on Cryptography is one of the best and most concise resources I know for this kind of thing: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x92-Append...