areas/software/security/skills/crypto-standards/SKILL.md
# Skill: Cryptography Standards

## When to load

When implementing password storage, data encryption, token signing, or key management.

## Approved Algorithms

| Use Case | Approved | Forbidden |
|:---|:---|:---|
| Password hashing | Argon2id, bcrypt (cost≥12) | MD5, SHA-1, unsalted SHA-256 |
| Data encryption | AES-256-GCM, ChaCha20-Poly1305 | DES, 3DES, AES-ECB |
| Token signing | RS256, ES256 | HS256 in distributed systems |
| TLS | TLS 1.2+, prefer TLS 1.3 | SSLv3, TLS 1.0, TLS 1.1 |

## P
Install this skill globally with one command (works with Claude Code, Cursor, and Windsurf):

```
npx skillsauth add sawrus/agent-guides areas/software/security/skills/crypto-standards
```
```python
from argon2 import PasswordHasher
from argon2.exceptions import VerifyMismatchError

# Argon2id with explicit cost parameters: 2 passes, 64 MiB memory, 2 lanes.
ph = PasswordHasher(time_cost=2, memory_cost=65536, parallelism=2)

# Registration: store only the salted Argon2id hash, never the plaintext.
hashed = ph.hash(plain_password)

# Login: verify the submitted password, then transparently upgrade hashes
# that were produced with weaker (older) parameters.
# `db`, `user_id` and `InvalidCredentials` are supplied by the application.
try:
    ph.verify(stored_hash, provided_password)
    if ph.check_needs_rehash(stored_hash):
        new_hash = ph.hash(provided_password)
        db.update_password_hash(user_id, new_hash)
except VerifyMismatchError:
    raise InvalidCredentials()
```
Never encrypt data directly with a master key. Use envelope encryption:

1. Generate a unique Data Encryption Key (DEK) per record
2. Encrypt the data with the DEK (AES-256-GCM)
3. Encrypt the DEK with a Key Encryption Key (KEK) held in the KMS
4. Store: encrypted_data + encrypted_DEK + IV
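The four steps above, carried through in working Python as an added example (this is not code from the skill or the `sawrus/agent-guides` project). It uses AES-256-GCM from the `cryptography` package for both the data and the key wrapping. `FakeKms`, `EnvelopeRecord`, `encrypt_record`, `decrypt_record` and `is_tampered` are names assumed for this example; `FakeKms` stands in for a real KMS whose KEK never leaves the service. The record id is passed as GCM associated data so that a wrapped DEK cannot be swapped between records, and the tampering check shows that a modified ciphertext or a swapped DEK fails authentication rather than decrypting to garbage.

```python
"""Envelope encryption: one DEK per record, the DEK wrapped by a KMS-held KEK."""
import os
from dataclasses import dataclass

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit GCM nonce, as recommended for AES-GCM


class FakeKms:
    """Stand-in for a real KMS (hypothetical, constructed for this example).

    The KEK is generated here and never returned to callers; they only get
    wrap/unwrap, mirroring how a cloud KMS exposes a key encryption key.
    """

    def __init__(self) -> None:
        self._kek = AESGCM.generate_key(bit_length=256)

    def wrap(self, dek: bytes, record_id: str) -> bytes:
        nonce = os.urandom(NONCE_LEN)
        # The record id is associated data: a wrapped DEK taken from one
        # record will not unwrap for another.
        return nonce + AESGCM(self._kek).encrypt(nonce, dek, record_id.encode())

    def unwrap(self, wrapped: bytes, record_id: str) -> bytes:
        nonce, ciphertext = wrapped[:NONCE_LEN], wrapped[NONCE_LEN:]
        return AESGCM(self._kek).decrypt(nonce, ciphertext, record_id.encode())


@dataclass(frozen=True)
class EnvelopeRecord:
    """What gets stored: step 4 of the skill (encrypted_data + encrypted_DEK + IV)."""

    record_id: str
    iv: bytes              # nonce used for the data encryption
    encrypted_data: bytes  # AES-256-GCM ciphertext followed by its 16-byte tag
    encrypted_dek: bytes   # DEK wrapped by the KMS, never the raw DEK


def encrypt_record(kms: FakeKms, record_id: str, plaintext: bytes) -> EnvelopeRecord:
    dek = AESGCM.generate_key(bit_length=256)  # step 1: fresh 256-bit DEK per record
    iv = os.urandom(NONCE_LEN)                 # a nonce must never repeat under one key
    ciphertext = AESGCM(dek).encrypt(iv, plaintext, record_id.encode())  # step 2
    wrapped_dek = kms.wrap(dek, record_id)     # step 3: only the KMS sees the KEK
    return EnvelopeRecord(record_id, iv, ciphertext, wrapped_dek)          # step 4


def decrypt_record(kms: FakeKms, rec: EnvelopeRecord) -> bytes:
    """Unwrap the DEK via the KMS, then authenticate and decrypt the data."""
    dek = kms.unwrap(rec.encrypted_dek, rec.record_id)
    return AESGCM(dek).decrypt(rec.iv, rec.encrypted_data, rec.record_id.encode())


def is_tampered(kms: FakeKms, rec: EnvelopeRecord) -> bool:
    """True when GCM authentication fails (modified ciphertext, wrong DEK, wrong id)."""
    try:
        decrypt_record(kms, rec)
        return False
    except InvalidTag:
        return True


if __name__ == "__main__":
    kms = FakeKms()
    # Constructed sample data for the demo.
    rec = encrypt_record(kms, "user-42", b"ssn=123-45-6789")
    print("round trip ok:", decrypt_record(kms, rec) == b"ssn=123-45-6789")
    corrupted = EnvelopeRecord(
        rec.record_id, rec.iv,
        bytes([rec.encrypted_data[0] ^ 0x01]) + rec.encrypted_data[1:],
        rec.encrypted_dek,
    )
    print("corrupted ciphertext rejected:", is_tampered(kms, corrupted))
```

Because each record has its own DEK, rotating the KEK means re-wrapping the small DEKs in the KMS rather than re-encrypting every row, and a leaked DEK exposes exactly one record.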