
I just use good primitives and glue them together as required in my application code. The only primitives that I feel safe playing with are: SHA2, AES, PBKDF2, CSPRNG, and Microsoft's DPAPI (for secret management). I always use first party implementations where possible. In this case, all of my crypto primitives are entirely written by Microsoft.

I never really screw with asymmetric crypto primitives directly. The closest I'll get to that area is stuff like loading a PFX byte array into an AspNetCore webapp for presenting a TLS cert.



Unfortunately, there are lots of things to specify in order to properly use the crypto you mentioned. It sounds as if you are already taking care of those things.

For people who may not be aware: Which SHA-2? Is it a truncated version? What encryption mode of AES? Are you using an IV? How is it generated? How is the key material protected? With PBKDF2, how many iterations, how was the salt generated, what PRF is used in it? Is DPAPI used in machine or user scope?


"glue them together as required in my application code"

This can easily be the source of problems. Bad compositions of crypto primitives are a common source of vulnerabilities in cryptosystems. A textbook example is MAC-then-ENCRYPT, which is not secure in general. Another common example is over-use of a cryptographic key, which can easily happen when underlying primitives are composed badly (asking for too many bytes from a PRG, or encrypting too much data in GCM mode, etc.).

"never really screw with asymmetric crypto primitives directly"

You might not be matching your crypto to your application requirements if you can write off a whole swath of primitives like that, or else you only deal with a very specific setting in which symmetric cryptography is sufficient.


Almost every crypto vulnerability I have ever found in production code came from systems designed with good primitives. It's not like we generally break systems by doing block cipher round function cryptanalysis.


AES by itself is not very useful. What block cipher mode(s) do you use?



