Primitives

2 min read • 24 views

Privacy Kit includes these cryptographic algorithms, using trusted implementations rather than creating new ones.

Core Algorithms

SHA-512 - Our primary hash function for key derivation and high-security use cases.

SHA-256 - Used for compatibility with existing systems when 512-bit output isn't required.

Curve25519 - For secure key exchange and digital signatures, including X25519 and Ed25519 variants.

PBKDF2 - Password-based key derivation function that applies a pseudorandom function to the input password along with a salt value and repeats the process many times to produce a derived key resistant to brute-force attacks. Used for its widespread support across virtually all platforms and environments. Default configuration uses 600,000 iterations for PBKDF2-HMAC-SHA256 and 210,000 iterations for PBKDF2-HMAC-SHA512, following the 2023 OWASP recommendations.

AES-256 - For encrypting data, using either:

• AES-CBC when you handle authentication separately
• AES-GCM when you need both encryption and authentication together

Why These Choices?

Privacy Kit takes a different approach than libraries like JWT:

1. No weak options - Only secure algorithms are available
2. Secure defaults - All settings start with maximum security
3. Trusted code - Uses vetted implementations from platform libraries

This ensures your privacy features work consistently and securely across all environments.

@ex3ndr@ex3ndr@founders@ex3ndr