Protocols

There are a lot of areas around cryptography protocols and what one should do to accomplish various things, see the table below for a good summary of many different areas.

Table 1. Summary
Area	Percival in 2009	Ptacek in 2015	Latacora in 2018
Online backups	tarsnap	tarsnap	tarsnap
Symmetric key length	256-bit	256-bit	256 bit
Symmetric “Signatures”	HMAC	HMAC	HMAC
Random IDs	256-bit	256-bit	256-bit
Hashing algorithm	SHA256 (SHA-2)	SHA-2	SHA-2
Password handling	Algorithms: scrypt PBKDF2	Algorithms: scrypt bcrypt PBKDF2	Algorithms: scrypt argon2 bcrypt PBKDF2
Website security	OpenSSL	Libraries: OpenSSL BoringSSL AWS ALB/ELB	Libraries: AWS ALB/ELB OpenSSL LetsEncrypt
Client-server app security	OpenSSL	Libraries: OpenSSL BoringSSL AWS ELBs	Libraries: AWS ALB/ELB OpenSSL LetsEncrypt
Asymmetric encryption	Use RSAES-OAEP with SHA256 as the hash function, MGF1+SHA256 as the mask generation function, and a public exponent of 65537. Make sure that you follow the decryption algorithm to the letter in order to avoid side channel attacks.	NaCl/libsodium	NaCl/libsodium
Asymmetric signatures	Use RSASSA-PSS with SHA256 as the hash function, MGF1+SHA256 as the mask generation function, and a public exponent of 65537.	Algorithms: NaCl Ed25519 RFC6979	Algorithms: NaCl Ed25519
Diffie-Hellman	2048-bit Group #14 with a generator or 2	Algorithms: DH-2048 NaCl	Algorithms: Nothing Curve25519
Encrypting Data	AES-CTR HMAC	Algorithms: NaCl/libsodium default ChaCha20-Poly1305 AES-GCM	Algorithms: Amazon KMS XSalsa20+Poly1305

Above table idea from: https://news.ycombinator.com/item?id=16748400 (author: weinzierl) sources for the table:

Crypto Libraries

NACL/Libsodium is a great library to use.
OpenSSL is an OK library to use, it had a down-period, but it’s being maintained again now.
Tink is a new library with a team of cryptographers maintaining it; that team includes Daniel Bleichenbacher.