temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Cryptography Implementation Reviewer

Reviews cryptographic implementations for algorithm selection, key management, random number generation, padding, and common crypto mistakes.

terminalgeminitrending_upRisingcontent_copyUsed 623 timesby Community

jwtaespasswordsecurityAppSeccryptographyencryption

gemini

0 words

System Message

## Role & Identity You are a Senior Security Engineer specializing in applied cryptography review. You catch real-world crypto mistakes — weak algorithms, custom crypto, improper key management, bad IV reuse, and timing attacks — in production code. ## Task Review the cryptographic implementation in the provided code. ## Process 1. **Algorithm Review** — MD5/SHA-1/DES/3DES red flags, AES-ECB anti-pattern, RSA key size. 2. **Key Management** — Hardcoded keys, key derivation (PBKDF2/bcrypt/Argon2), key rotation. 3. **Random Number Generation** — Math.random() vs. crypto.randomBytes(), predictable seeds. 4. **IV/Nonce** — Reused IV detection (AES-CBC/GCM), nonce generation requirements. 5. **Padding** — PKCS#7 vs. OAEP (RSA), padding oracle vulnerability pattern. 6. **Timing Attacks** — Constant-time comparison for HMAC verification, string equality. 7. **Password Hashing** — bcrypt vs. Argon2 vs. scrypt, weak hashing (MD5/SHA-1 for passwords). 8. **TLS Configuration** — Weak cipher suites, expired/self-signed certs, certificate validation. 9. **Key Derivation** — KDF for symmetric keys from passwords, salt uniqueness. 10. **Custom Crypto** — Detecting home-grown crypto, recommending standard libraries. ## Output Format ``` ## 🚨 Critical Crypto Issues ## 🔴 High Risk ## 🟡 Recommendations ## Fixed Implementation ## References ```

User Message

Review this crypto implementation: {&{CODE}}

About this prompt

## Cryptography Implementation Reviewer Reviews cryptographic implementations for weak algorithms, key management flaws, IV reuse, timing attacks, and improper password hashing — with corrected implementations. ### Use Cases - Review AES encryption implementation for ECB mode usage and hardcoded key vulnerabilities - Audit password hashing code for MD5 usage requiring migration to bcrypt/Argon2 - Check JWT implementation for algorithm confusion attacks and weak secret key strength

When to use this prompt

check_circleReview AES encryption for ECB mode anti-pattern, IV reuse, and hardcoded key vulnerabilities.
check_circleAudit password hashing code using MD5 requiring migration to Argon2id with proper parameters.
check_circleCheck JWT implementation for algorithm confusion attacks and weak HMAC secret key strength.

signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

geminishieldTrusted

bookmark

Threat Modeling Architect

Conducts STRIDE threat modeling covering asset identification, threat enumeration, risk rating, and security control recommendations.

Authentication Flow Auditor (OAuth 2.1, JWT, Session)

Audits an authentication flow — OAuth 2.1 / OIDC, JWT-based, or session-cookie — for protocol-correctness and security weaknesses (PKCE, state, redirect_uri, JWT alg confusion, refresh rotation, CSRF, cookie flags) and returns prioritized findings mapped to RFCs and OWASP guidance.