diff options
-rw-r--r-- | doc/manual/cipher_modes.rst | 2 | ||||
-rw-r--r-- | doc/manual/hash.rst | 3 | ||||
-rw-r--r-- | readme.rst | 22 |
3 files changed, 6 insertions, 21 deletions
diff --git a/doc/manual/cipher_modes.rst b/doc/manual/cipher_modes.rst index ca53a6ab5..e7a147d25 100644 --- a/doc/manual/cipher_modes.rst +++ b/doc/manual/cipher_modes.rst @@ -250,6 +250,8 @@ will be returned by :cpp:func:`get_cipher` if the named cipher is an AEAD mode). Available AEAD Modes ------------------------- +If in doubt about what to use, pick ChaCha20Poly1305, AES-256/GCM, or AES-256/SIV. + ChaCha20Poly1305 ~~~~~~~~~~~~~~~~~~ diff --git a/doc/manual/hash.rst b/doc/manual/hash.rst index 7b317f498..d8463cc2e 100644 --- a/doc/manual/hash.rst +++ b/doc/manual/hash.rst @@ -98,7 +98,8 @@ Assume we want to calculate the SHA-1, Whirlpool and SHA-3 hash digests of the S Available Hash Functions ------------------------------ -The following cryptographic hash functions are implemented. +The following cryptographic hash functions are implemented. If in doubt, +any of Blake2b, SHA-384, or SHA-3 are good choices. BLAKE2b ^^^^^^^^^ diff --git a/readme.rst b/readme.rst index 394f06c52..084da5cd3 100644 --- a/readme.rst +++ b/readme.rst @@ -37,14 +37,10 @@ https://keybase.io/jacklloyd, and some public PGP key servers. For all the details on building the library, read the `users manual <https://botan.randombit.net/manual>`_, but basically:: - $ ./configure.py --help - $ ./configure.py [probably some options] + $ ./configure.py $ make $ ./botan-test - # lots of output... - Tests all ok - $ ./botan - # shows available commands + ... $ make install Botan can also be built into a single-file amalgamation for easy inclusion into @@ -185,17 +181,3 @@ Other Useful Things * Format preserving encryption scheme FE1 * Threshold secret sharing * NIST key wrapping - -Recommended Algorithms ----------------------------------------- - -* For encryption of network traffic use TLS v1.2 -* Packet encryption: AES-256/GCM, AES-256/OCB, Serpent/OCB, or ChaCha20Poly1305 -* General hash function: BLAKE2b, SHA-2, SHA-3, or Skein-512 -* Message authentication or PRF: HMAC with SHA-256 -* Key derivation function: KDF2 or HKDF -* Public Key Encryption: RSA, 2048+ bit keys, with OAEP/SHA-256 -* Public Key Signatures: RSA, 2048+ bit keys with PSS/SHA-512, - or ECDSA using P-256/SHA-256 or P-521/SHA-512 -* Key Agreement: ECDH using P-256 or X25519. If you are concerned - about quantum computers, combine ECC with NewHope. |