References

Libraries

• OpenSSL/libcrypto
• Nettle
• GCrypt
• Sodium - also github page
• Botan

Digests

Cryptographic hash functions

• SHA-1
• SHA-2
  • nice table with output size, block size, internal state size for MD5, SHA-0, SHA-1, SHA-2, and SHA-3
• SHA-3 (Keccak)
  • SHAKE128 and SHAKE256 are XOFs
• BLAKE, BLAKE2
  • BLAKE2X is XOF (extensible-output function)
• old
  • RIPEMD
  • GOST

MACs

Message authentication codes

• HMAC - RFC 2104
• Poly1305 - RFC 7539
• OMAC/CMAC
• UMAC

Ciphers

• AES
  • same params apply to Twofish, Serpent, and other AES finalists
• Salsa20, Chacha20
  • see also DJB's page

Cipher Modes

• ECB, CBC, CFB, OFB, CTR
• authenticated encryption
• OCB - AEAD, stream, nonce
  • TAGLEN affects nonce, so must be set before encrypt/decrypt
  • 3 versions, latest is OCB3
  • requires 128-bit block cipher
• GCM - AEAD, stream, nonce
  • tag may be truncated to 128, 120, 112, 104, or 96 bits (or even 64 or 32)
  • requires 128-bit block cipher
  • recommends 96-bit IV/nonce
• EAX - AEAD, stream, nonce
• unsupported
  • CCM - AEAD, stream, nonce
    • a critique
  • CWC
  • IAPM

Public-key crypto

EdDSA, curve 25519, etc

• https://en.wikipedia.org/wiki/EdDSA
• EdDSA rfc8032
• EdDSA / Ed25519
• Elliptic curves for security rfc7748
• https://github.com/openssl/openssl/issues/2048
• https://github.com/openssl/openssl/issues/487 support for EdDSA (Ed25519 & Ed448)

Password Hashing

• PHC spec
• Passlib

---

Misc, implementation

• using ECDH in gcrypt (not documented!)
  • https://github.com/keybase/keybase-issues/issues/1738
  • https://git.libssh.org/projects/libssh.git/tree/src/ecdh_gcrypt.c
  • https://github.com/PayalAnand/gnupg-ecc/issues/1