Today I added the crypto considerations to the FAQ section of the privacyIDEA documentation.
Users who might want to use privacyIDEA will wonder how crypto is handled. So this makes it easier for them to get a first impression without having to study the source code.
In fact this is also a good review for the project itself, too. At several places we still use hard coded SHA256. With the hashing of the OTP Pins and the signing of the Audit data.
But having this crypto paper at hand, we know, which places we need to touch in only a few years!