cryptoguides.fyi
The cryptography you actually have to get right — hashing, passwords, encryption, signatures, key exchange — shown the correct way in seven languages, using each one's standard library or its most trusted crypto package.
Secure random bytes
Generate cryptographically secure random bytes for keys, nonces, salts, and tokens.
01 / 9
#️⃣Hashing with SHA-256
Compute a SHA-256 digest for integrity, deduplication, and content addressing.
02 / 9
🔐Password hashing with Argon2id
Store passwords safely with Argon2id — the slow, salted, memory-hard standard.
03 / 9
🧾Message authentication with HMAC
Authenticate a message with HMAC-SHA256 and verify it in constant time.
04 / 9
🔒Symmetric encryption with AES-256-GCM
Encrypt and authenticate data with AES-256-GCM — authenticated encryption done right.
05 / 9
🔑Key derivation with HKDF
Derive one or more independent keys from a high-entropy secret using HKDF-SHA256.
06 / 9
✍️Digital signatures with Ed25519
Sign and verify data with Ed25519 — the modern, footgun-free signature scheme.
07 / 9
🤝Key exchange with X25519
Derive a shared secret over a public channel with X25519 Diffie-Hellman.
08 / 9
⏱️Constant-time comparison
Compare secrets without leaking them through timing side channels.
09 / 9
Why this site?
Most cryptography bugs are not broken algorithms — they are the small things around
them: a predictable random source, a reused nonce, a password run through a plain
SHA-256, a MAC compared with ==. The primitives are the easy
part; using them safely is where code goes wrong.
Each guide picks the modern, boring, correct option for one task and shows it end to end in Go, Python, Node.js, .NET, C++, Java, and Rust — preferring each language's standard library, and reaching for a well-established package (pyca/cryptography, libsodium, RustCrypto, BouncyCastle) only when there is no built-in. Pick your language once; it follows you from guide to guide.