> Like, I need to authenticate that a client is a known identity. What algo?
In this case, you're asking the wrong question.
When people say "what algo?" in such a context, the answers will be flavored as "Ed25519 vs secp256k1 vs RSA-PKCS1v1.5" when you should first be asking "what level of abstraction am I dealing with?" and "what are the constraints?"
Like, maybe "algo" isn't even a relevant concern.
If I were designing a simple token-based auth scheme today, I'd reach for PASETO. Unless I need interop with a third-party provider, who almost universally use JWTs and prevent me from having any say or choice in the matter.
With PASETO, you don't need to know, or even care, about "what algo?" You only need to consider mode, which is more of a use-case question.
I cannot imagine proactively writing a cheat sheet for every possible use case. You might be tempted to use AI to solve this problem on demand, but the cost of a hallucination here is pretty high.
If you find yourself regularly asking this question, I'd recommend just hiring a cryptography consultant.
In this case, you're asking the wrong question.
When people say "what algo?" in such a context, the answers will be flavored as "Ed25519 vs secp256k1 vs RSA-PKCS1v1.5" when you should first be asking "what level of abstraction am I dealing with?" and "what are the constraints?"
Like, maybe "algo" isn't even a relevant concern.
If I were designing a simple token-based auth scheme today, I'd reach for PASETO. Unless I need interop with a third-party provider, who almost universally use JWTs and prevent me from having any say or choice in the matter.
With PASETO, you don't need to know, or even care, about "what algo?" You only need to consider mode, which is more of a use-case question.
But with JWTs, you not only have to care about "what algo?" your system needs to be very delicate in how it processes them. https://www.howmanydayssinceajwtalgnonevuln.com
I cannot imagine proactively writing a cheat sheet for every possible use case. You might be tempted to use AI to solve this problem on demand, but the cost of a hallucination here is pretty high.
If you find yourself regularly asking this question, I'd recommend just hiring a cryptography consultant.