# Cryptography Fundamentals for Developers One-sentence definition: Use vetted libraries and modern modes correctly for confidentiality, integrity, and authenticity. ## Key Facts - Prefer AEAD (AES-GCM/ChaCha20-Poly1305); avoid ECB and homegrown crypto. - Hashing: SHA-256/512; password hashing with Argon2/bcrypt/scrypt. - Key exchange/signing: modern curves or RSA-2048+; verify cert chains. - Randomness: CSPRNG only; never `rand()` for keys/tokens. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Identify weak modes and improper key/nonce use. **Mnemonic:** “**Don’t roll your own**.” ## Mini Scenario Q: Same IV reused with GCM—risk? A: Catastrophic; leaks keys/auth; must use unique nonces. ## Revision Checklist - Safe cipher/mode. - Password hashing choice. - RNG rule. ## Related [[Application Key Management and Secrets Management]] · [[Secure HTTP Headers (HSTS Frame Ancestors CORS)]] · [[Authentication Best Practices (Passwordless MFA OIDC)]] · [[Certificate and Key Management Operations]] · [[Domain 8 - Index]]