If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...
If you have a not-so-usual solution for your problems but need to justify it to your boss...
If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...
...then 'No Bugs' Hare on Soft.ware might be the right place for you.
Your mileage may vary. Batteries not included.

Assorted Rants Tagged ‘Crypto’, page 1:

UDP for games – security (encryption and DDoS protection)

Quote: “Yes, you DO need to encrypt your UDP traffic. And no, using UDP is NOT a valid excuse to skip encryption”
Another Quote: “Personally, I prefer to think of it as of insurance – when I’m paying my premiums in hope that my money will go to waste.”

Password Hashing: Why and How

Abstract: Password hashing is a Big Headache, and doing it right is complicated.
Quote: “Note that none of the C++11 random number engines (LCG, Mersenne-Twister, or Lagged Fibonacci) can be considered good enough for cryptographic purposes – in short, they’re way too predictable and can be broken by a determined attacker, given enough output has leaked.”

Client-Plus-Server Password Hashing as a Potential Way to Improve Security Against Brute Force Attacks without Overloading the Server

Abstract: Client-Side password hashing (in addition to existing server-side hashing) can improve resilience to brute-force attacks.
Quote: “Even if client-side is 10x slower than server-side, it leaves us with 10x improvement which is certainly a good thing to have”

Part VIIb: Security (concluded) of 64 Network DO’s and DON’Ts for Multi-Player Game Developers

Quote: “What is practically very important – is to keep all the “unsanitized” data in one place.”
Another Quote: “What will happen if attacker got the whole database of your users’ passwords?”

Part VIIa: Security (TLS/SSL) of 64 Network DO’s and DON’Ts for Multi-Player Game Developers

Quote: “Design of secure protocols is a thing which even security professionals have lots of problems with.”
Another Quote: “In the security field, if you can disable something unused – you SHOULD do it”