I'm a web developer, so while security is obviously a huge concern, it's not my main area of expertise. I don't have the knowledge to evaluate the pros and cons of each cipher, and the situations in which it's appropriate to use each one.
It would be wonderful if someone with more knowledge of the subject could throw up a 1-page site with an appropriate security choice (or a few choices with situations in which each would be more acceptable) for a given range of situations, to establish a 'sane default', taking into account their availability on a number of platforms and programming languages.
For example:
Need to sign a message? Use HMAC-SHA1
Need to checksum a file? Use SHA-1
Need to hash a password? Use bcrypt
Need to transmit data over a network? Use SSH2
Need to secure HTTP? Use SSL 1.2 with (these ciphers in order of preference)
Need to secure home WiFi? Use WPA2-PSK
Need to encrypt files? Use GnuPG
Need to do (this type) of encryption? Use CBC. For (this type), use ECB
Need to create a TrueCrypt volume? Use (this cipher) with (this many) bits.
Need to sign a message? Use S/MIME or PGP.
Need to checksum a file? Use SHA256.
Need to hash a password? Use bcrypt, scrypt, or PBKDF2.
Need to transmit data over a network? Use HTTPS/TLS
Need to secure HTTP? Use HTTPS/TLS, preferring AES in CTR and then CBC.
Need to secure home WiFi? Use WPA2PSK.
Need to encrypt files? Use any implementation of PGP.
Need to do (this type) of encryption? Use PGP. Never use AES directly. Never use ECB for anything.
Need to create a TrueCrypt volume? Can't help you; we use PGP.
I guess the question is - who do you trust to make these calls?
In this case, the answer probably is OWASP which is a great and often overlooked resource, contributed to by a lot of experts in the area. They have a lot of pages in their wiki that address crypto concerns...
Casting my eye over the recommendations in the pages I linked - yes some of it seems to be a little behind the times (for instance, adaptive hashing isn't mentioned once in terms of securing passwords), but none of it seems outright terrible.
Is this something that the crypto community/experts can come together and improve the same way as the vuln/exploit security community have made OWASP what it is?
Or is the real truth that executing proper crypto techniques is simply too difficult to boil down into a pile of cheatsheets?