Best Practices Crypto Algorithms

I've always wanted just a nice simple list of what crypto algorithms go where. Finally, from Web Security 2.0:

  • AES-256 in GCM mode for encryption
  • HMAC-SHA512 for integrity protection
  • SHA-256 or SHA-512 with salt for hashing
  • PBKDF2 or bcrypt for passwords; see here for a comparison between the two.
  • /dev/urandom or RtlGenRandom/CryptGenRandom for random numbers