Cryptography quick reference
Algorithms at a glance: what to use, what's broken, and which property each primitive provides.
What to use (2026 defaults)
| Job | Use | Avoid |
|---|---|---|
| Symmetric encryption | AES-256-GCM, ChaCha20-Poly1305 | DES, 3DES, RC4, AES-ECB |
| Asymmetric / key exchange | X25519 (ECDH), RSA-2048+ with OAEP | RSA <2048, textbook RSA, static DH |
| Signatures | Ed25519, ECDSA P-256, RSA-PSS | DSA, RSA PKCS#1 v1.5 |
| Hashing | SHA-256, SHA-512, SHA-3 | MD5, SHA-1 |
| Password storage | Argon2id, scrypt, bcrypt | Plain SHA-256, MD5, encryption |
| Message authentication | HMAC-SHA256, or an AEAD mode | Unauthenticated encryption |
| Transport | TLS 1.3 (or 1.2) | SSL, TLS 1.0/1.1 |
Which property does it give you?
| Primitive | Confidentiality | Integrity | Authenticity | Non-repudiation |
|---|---|---|---|---|
| Symmetric encryption (alone) | ✓ | - | - | - |
| Hash | - | ✓* | - | - |
| MAC / HMAC | - | ✓ | ✓ | ✗ (shared key) |
| Digital signature | - | ✓ | ✓ | ✓ |
| AEAD (e.g. AES-GCM) | ✓ | ✓ | ✓† | - |
\* Only if the hash itself can't be replaced. † Authenticates the data, not the sender's identity.
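What the hash footnote and the MAC row's "shared key" caveat mean in practice, as an added example that is not part of the original reference. It uses only Python's standard library; the message format and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def sha256_check(message: bytes) -> bytes:
    # Bare hash: anyone can compute it, no key involved.
    return hashlib.sha256(message).digest()

def hmac_tag(key: bytes, message: bytes) -> bytes:
    # HMAC-SHA256: computing a valid tag requires the shared key.
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_hash(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(sha256_check(message), digest)

def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(hmac_tag(key, message), tag)

def rewrite_in_transit(message: bytes) -> tuple:
    # Constructed model of a party with no key who can replace both the
    # message and the check value that travels with it.
    altered = message.replace(b"amount=10", b"amount=9999")
    return altered, sha256_check(altered)

def run_demo() -> dict:
    key = secrets.token_bytes(32)      # key from a CSPRNG
    message = b"to=alice;amount=10"    # constructed sample message
    altered, replaced_check = rewrite_in_transit(message)
    return {
        # Hash travels with the data: the replaced digest verifies.
        "hash_accepts_altered": verify_hash(altered, replaced_check),
        # Hash pinned out of band (cannot be replaced): change is caught.
        "pinned_hash_accepts_altered": verify_hash(altered, sha256_check(message)),
        # HMAC: without the key no valid tag exists for the altered message.
        "hmac_accepts_original": verify_hmac(key, message, hmac_tag(key, message)),
        "hmac_accepts_altered": verify_hmac(key, altered, replaced_check),
        # Shared key: the receiver can mint a valid tag too, so a tag
        # cannot prove which key holder wrote the message.
        "receiver_made_tag_verifies": verify_hmac(
            key, b"to=bob;amount=1", hmac_tag(key, b"to=bob;amount=1")),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```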
Symmetric vs asymmetric
| | Symmetric | Asymmetric |
|---|---|---|
| Keys | One shared key | Public + private pair |
| Speed | Fast (bulk data) | Slow (small data / setup) |
| Key distribution | The hard problem | Solves it |
| Examples | AES, ChaCha20 | RSA, ECC, Diffie–Hellman |
Hybrid encryption (TLS, PGP): asymmetric crypto establishes a symmetric session key, then symmetric crypto encrypts the bulk data. Best of both.
AES modes
| Mode | Authenticated? | Notes |
|---|---|---|
| ECB | No | Never use. Identical blocks leak patterns. |
| CBC | No | Needs IV; padding-oracle risk |
| CTR | No | Stream-like, parallel; never reuse key+nonce |
| GCM | Yes (AEAD) | The modern default |
Key sizes at equivalent strength
| Symmetric | RSA / DH | Elliptic curve |
|---|---|---|
| 128-bit | 3072-bit | 256-bit |
| 256-bit | 15360-bit | 512-bit |
ECC gives the same security as RSA with far smaller keys; hence its dominance in new designs.
Quantum impact
| Algorithm type | Threat | Response |
|---|---|---|
| RSA, DH, ECC | Shor's algorithm breaks them | Migrate to PQC (ML-KEM, ML-DSA) |
| AES, SHA-2 | Grover only halves strength | Use AES-256, SHA-384/512 |
NIST PQC standards (2024): FIPS 203 ML-KEM (key exchange), FIPS 204 ML-DSA (signatures), FIPS 205 SLH-DSA (hash-based signatures). Deprecate quantum-vulnerable algorithms by ~2035.
The rules
- Don't roll your own crypto; use vetted libraries.
- Never reuse a nonce/IV with the same key.
- Always authenticate (use AEAD); encryption alone doesn't stop tampering.
- Keys from a CSPRNG; passwords through a slow KDF, never used as keys directly.
- Security rests on the key, never on the algorithm being secret (Kerckhoffs).