10 Encryption Best Practices
When encrypting passwords and other artifacts, consider the following:
Encryption becomes fallible because:
- Applications use broken implementations or use known algorithms improperly.
- Data is insecure because of easily defeated cryptography.
In addition, Base-64 encoding, obfuscation, and serialization are not encryption, and should not be mistaken for encryption.
To encrypt data successfully:
- Use the platform-specific file encryption API or another trusted source. Do not create your own cryptography.
- You must restrict access to encryption keys to the fewest number of custodians necessary.
- You must store encryption keys securely in the fewest possible locations and forms.
- Do not store the key with the encrypted data.
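The following audit check is an added example, not code from this guide or its product. It illustrates two of the points above: Base-64 is reversible by anyone, and a key must not sit beside the data it protects. The store layout, the entry names, and the name-based "key" heuristic are assumptions, and the sample values are constructed.

```python
import base64
import binascii
import string
from typing import Optional

PRINTABLE = set(string.printable.encode())

def decodes_to_text(value: str) -> Optional[str]:
    """Return the recovered text if value is just Base-64 of readable text."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None                      # not valid Base-64 at all
    # Readable bytes after decoding mean no key was ever needed.
    if len(raw) >= 4 and all(b in PRINTABLE for b in raw):
        return raw.decode("ascii")
    return None                          # binary: cannot be judged by this check

def audit(store: dict) -> list:
    """Flag entries that are only encoded, and keys kept with the data."""
    findings = []
    for name, value in store.items():
        if decodes_to_text(value) is not None:
            findings.append(f"{name}: Base-64 only, readable without any key")
        # Assumption: an entry whose name contains 'key' holds key material.
        if "key" in name.lower() and len(store) > 1:
            findings.append(f"{name}: key kept in the same store as the data")
    return findings

# Constructed sample store (hypothetical names and values).
SAMPLE_STORE = {
    "db_password": base64.b64encode(b"S3cret-Passw0rd").decode(),
    "customer_blob": base64.b64encode(bytes(range(200, 232))).decode(),
    "encryption_key": base64.b64encode(bytes(range(128, 160))).decode(),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_STORE):
        print(finding)
```

A value that passes this check is not thereby shown to be encrypted; the check only proves the negative case, where decoding alone recovers the secret.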