
Posts

Showing posts from January, 2018

Encryption - practicum

This is part of what will be a series of articles about the practical aspects of using encryption as a developer. Very often you are working with operating systems, frameworks and libraries that provide encryption services, and it seems easy enough: load the library, create a key, call encrypt(...) and voilà, you have encrypted your data! Or perhaps all you need to do is install a certificate and the underlying plumbing will take care of encrypting your communications. But what about... Which encryption algorithm should you use? How long does the key need to be? How do you keep the key out of the source code? What are a cryptographic hash, an HMAC, a salt, a certificate authority, etc.? Do we really need to bother with encryption at all? It is a lot of material, often spread all over the internet, and if you get it wrong it can be bad. So, let's look at some of the good, trustworthy sources together, like OWASP. Here is their fundamentals guide:  https:/
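Three of the questions above (what a cryptographic hash, an HMAC and a salt actually are, and how to keep a key out of the source code) can be shown concretely with nothing but the Python standard library. The block below is an added example written for this page, not code from the original post or from OWASP. The environment variable name APP_MAC_KEY, the message strings and the iteration counts are assumptions made for the illustration.

```python
"""Hash vs. HMAC vs. salted password hash, with the key kept out of source.

Added example (not from the original post). Uses only the standard library.
"""
import hashlib
import hmac
import os
import secrets

# Assumed name of the environment variable holding the HMAC key. The point is
# that the key is read at run time; it never appears as a literal in the code.
KEY_ENV_VAR = "APP_MAC_KEY"

# PBKDF2 iteration count for password hashing. Tune upward as hardware gets faster.
DEFAULT_ITERATIONS = 600_000


def load_mac_key(env=None):
    """Read a hex-encoded key from the environment and sanity-check its length."""
    env = os.environ if env is None else env
    hex_key = env.get(KEY_ENV_VAR)
    if not hex_key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set; refusing to run without a key")
    key = bytes.fromhex(hex_key)
    if len(key) < 32:
        raise ValueError("HMAC key must be at least 32 bytes")
    return key


def sha256_digest(data):
    """A plain cryptographic hash. Anyone can recompute it, so on its own it
    detects accidental corruption but proves nothing about who produced it."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key, data):
    """An HMAC: a hash mixed with a secret key, so only a key holder can
    produce a valid tag. This is what you want for authenticating data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key, data, tag):
    """Constant-time comparison; a plain == leaks timing information."""
    return hmac.compare_digest(make_tag(key, data), tag)


def hash_password(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """Salted, iterated password hash (PBKDF2-HMAC-SHA256).

    A fresh random salt per password means identical passwords produce
    different hashes and precomputed tables are useless. Returns (salt, digest)
    so both can be stored next to each other.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password, salt, stored_digest, iterations=DEFAULT_ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    # Constructed demo: in real use the key comes from the deployment environment.
    demo_env = {KEY_ENV_VAR: secrets.token_hex(32)}
    key = load_mac_key(demo_env)
    msg = b"amount=100;to=alice"
    print("sha256:", sha256_digest(msg))
    tag = make_tag(key, msg)
    print("hmac tag valid:", verify_tag(key, msg, tag))
    print("tampered msg valid:", verify_tag(key, b"amount=1000;to=alice", tag))
    salt, digest = hash_password("correct horse battery staple")
    print("password verifies:", verify_password("correct horse battery staple", salt, digest))
```

Note that an unset key is treated as a hard failure rather than falling back to a default; a silently used default key is functionally the same as a hard-coded one.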