Daily Shaarli

All links of one day in a single page.

April 23, 2026

Cryptographic Right Answers: Post Quantum and Rust Edition

Hashing: SHA-512
Password or one-time code hashing: Argon2id
Key derivation: SHAKE256 or HKDF-SHA512
API key: prefix + version + Base32LowerCase.encode(UUID || 32-byte secret); hash function: SHAKE256 with a 512-bit output, or SHA3-512, or SHA-512

Encryption: AES-256-GCM's nonces are too short (96 bits), key / nonce reuse is catastrophic, and it also lacks context commitment. XChaCha20-Poly1305 fixes the nonce size but still lacks context commitment, which is why ChaCha20-BLAKE3 is recommended.

Encrypting secrets: use a Key Management Service

Symmetric key signature: HMAC-SHA512
Asymmetric key signature: ML-DSA-65, or ML-DSA-87
JSON Web Tokens: ML-DSA-65 for asymmetric signatures or HMAC-SHA512 for symmetric signatures

End-to-end encryption

While you probably need more advanced protocols for your specific use case (e.g. The Messaging Layer Security (MLS) Protocol, RFC 9420, for messaging), basic end-to-end encryption to a public key has been standardized in RFC 9180 - Hybrid Public Key Encryption (HPKE). In this context hybrid means that we combine both symmetric and asymmetric cryptography.
Therefore, I recommend the following algorithms for use with HPKE to encrypt data to a public key:

  • KEM: X-Wing
  • AEAD: AES-256-GCM
  • KDF: HKDF-SHA512

TLS

Today, the only quantum-resistant key exchange algorithm available for TLS is the hybrid X25519MLKEM768. Ensure that your load balancers / reverse proxies support it.

We left 180 tonnes of junk on the Moon - Korben
How to implement cryptographically-secure API keys
the api key hashing

use sha3::{Digest, Sha3_512};
use uuid::Uuid;

// SHA3-512 produces 64 bytes
const API_KEY_HASH_SIZE: usize = 64;

// Hash the secret together with the identifiers it belongs to, so that a leaked
// hash is bound to one key id, one scheme version and one organization and
// cannot be replayed under another
fn hash_api_key(api_key_id: Uuid, version: i16, organization_id: Uuid, secret: &[u8]) -> [u8; API_KEY_HASH_SIZE] {
    let mut hasher = Sha3_512::new();

    hasher.update(api_key_id.as_bytes());
    hasher.update(version.to_le_bytes());
    hasher.update(organization_id.as_bytes());
    hasher.update(secret);

    let digest = hasher.finalize();
    let mut hash = [0u8; API_KEY_HASH_SIZE];
    hash.copy_from_slice(&digest);
    hash
}

the storage in the database

CREATE TABLE api_keys (
  id UUID PRIMARY KEY,
  created_at TIMESTAMP WITH TIME ZONE NOT NULL,
  updated_at TIMESTAMP WITH TIME ZONE NOT NULL,

  name TEXT NOT NULL,
  expires_at TIMESTAMP WITH TIME ZONE,
  version SMALLINT NOT NULL,
  secret_hash BYTEA NOT NULL,

  organization_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,

  UNIQUE (name, organization_id)
);
CREATE INDEX index_api_keys_on_organization_id_and_expires_at ON api_keys (organization_id, expires_at);
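The full round trip the two snippets above imply (mint a key in the prefix + version + base32lowercase(UUID || 32-byte secret) layout, store only the bound hash, then parse, look up and verify in constant time) as an added, self-contained example in Python. This is not the linked article's code: it uses SHAKE256 with a 512-bit output instead of SHA3-512, the prefix `ak` and `_` as separator are hypothetical choices the page leaves open, the in-memory dict stands in for the api_keys table, and the name `verify_api_key` is an assumption.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import uuid
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Hypothetical choices for the parts the page leaves open.
# Key layout: <prefix>_<version>_<base32lower(uuid || secret)>
PREFIX = "ak"
VERSION = 1
SECRET_SIZE = 32
HASH_SIZE = 64  # SHAKE256 with a 512-bit output


@dataclass
class ApiKeyRecord:
    """The columns of the api_keys table that verification needs."""
    id: uuid.UUID
    version: int
    organization_id: uuid.UUID
    secret_hash: bytes
    expires_at: Optional[datetime]


def hash_api_key(api_key_id: uuid.UUID, version: int,
                 organization_id: uuid.UUID, secret: bytes) -> bytes:
    """Bind the secret to its id, version and organization (same inputs and
    order as the Rust function above), then squeeze 512 bits of SHAKE256."""
    h = hashlib.shake_256()
    h.update(api_key_id.bytes)
    h.update(struct.pack("<h", version))  # i16, little-endian
    h.update(organization_id.bytes)
    h.update(secret)
    return h.digest(HASH_SIZE)


def _b32lower(data: bytes) -> str:
    return base64.b32encode(data).decode("ascii").lower().rstrip("=")


def _b32lower_decode(text: str) -> bytes:
    # b32decode wants upper case and '=' padding to a multiple of 8 chars
    return base64.b32decode(text.upper() + "=" * (-len(text) % 8))


def generate_api_key(organization_id: uuid.UUID,
                     ttl: Optional[timedelta] = None) -> tuple[str, ApiKeyRecord]:
    """Return the plaintext key (shown to the user once) and the row to store.
    The secret itself is never persisted, only hash_api_key(...) of it."""
    api_key_id = uuid.uuid4()
    secret = secrets.token_bytes(SECRET_SIZE)
    record = ApiKeyRecord(
        id=api_key_id,
        version=VERSION,
        organization_id=organization_id,
        secret_hash=hash_api_key(api_key_id, VERSION, organization_id, secret),
        expires_at=datetime.now(timezone.utc) + ttl if ttl else None,
    )
    return f"{PREFIX}_{VERSION}_{_b32lower(api_key_id.bytes + secret)}", record


def verify_api_key(key: str, lookup: Callable[[uuid.UUID], Optional[ApiKeyRecord]],
                   now: Optional[datetime] = None) -> Optional[ApiKeyRecord]:
    """Parse the key, fetch the row by the embedded UUID (the equivalent of
    SELECT ... WHERE id = $1), and compare hashes in constant time."""
    now = now or datetime.now(timezone.utc)
    try:
        prefix, version_str, blob = key.split("_", 2)
        blob_bytes = _b32lower_decode(blob)
    except ValueError:  # wrong number of fields or invalid base32
        return None
    if prefix != PREFIX or len(blob_bytes) != 16 + SECRET_SIZE:
        return None
    api_key_id = uuid.UUID(bytes=blob_bytes[:16])
    secret = blob_bytes[16:]
    record = lookup(api_key_id)
    if record is None or version_str != str(record.version):
        return None
    if record.expires_at is not None and record.expires_at <= now:
        return None
    expected = hash_api_key(record.id, record.version, record.organization_id, secret)
    if not hmac.compare_digest(expected, record.secret_hash):
        return None
    return record


if __name__ == "__main__":
    org = uuid.uuid4()
    plaintext, row = generate_api_key(org, ttl=timedelta(days=30))
    table = {row.id: row}  # constructed stand-in for the api_keys table
    print(plaintext)
    print(verify_api_key(plaintext, table.get) is row)
```

Because the UUID travels in clear inside the key, the database lookup is a primary-key fetch and the constant-time comparison only has to cover the 64-byte hash; the version field lets you change the hash scheme later and still verify keys minted under the old one.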
Ex-Microsoft engineer blames Azure problems on talent exodus • The Register
Junio Hamano: the man who has maintained Git since 2005 - Informatique générale - ShevArezo`Blog
bbDump - The modern, MCP-flavoured alternative to pgAdmin - Korben
Email could have been X.400 times better

X.400 is arguably a better standard than SMTP, but the simple email address and the ease of implementation won.

GitHub - rapina-rs/rapina: A Rust web framework for APIs. So simple it feels like cheating. · GitHub

Read about it in a Reddit post

Firefox 150 fixes 271 vulnerabilities found by Claude Mythos - Next

"Attackers enjoy an asymmetric advantage, since they only need to exploit a single breach", whereas defenders have to cover an attack surface that is admittedly not infinite, but large enough to leave holes in the net. The Firefox developers cannot afford to "rewrite decades of C++ code".

On the other side, AI can find these flaws quickly. It is likely that this kind of flaw detection will be built into the process before a new version ships, for example.

The built-in PDF editor, which lets you reorder, copy, paste, delete and export pages in a PDF document.

Oh, not bad

Google Chrome: remove these extensions that siphon off your data right away