choices

• Password hashing

  Looking at https://github.com/ntls-io/ntls-sgx-service, the password hashing algorithm used is Argon2id, which is the default (of the 3 variants) provided by argon2 crate. See the OWASP Password Storage Cheat Sheet for what makes this a good choice.

• Data hashing

  Looking at https://github.com/ntls-io/ntls-sgx-service, the data hashing algorithm used is BLAKE3, which is chosen for its speed.

• Data encryption/decryption

  Looking at https://github.com/ntls-io/ntls-sgx-service, the cryptographic algorithm chosen for data sealing/unsealing is ChaCha20-Poly1305, due to it being state-of-the-art. It is accessed through ring_compat crate, chosen due to providing a pleasant API to the well-respected ring project.