As a rule of thumb, use the cryptographic algorithms and mechanisms that are
considered strong by the cryptographic community.

Appropriate choices are currently the following.


==== For AES: use authenticated encryption modes

The best-known authenticated encryption mode for AES is Galois/Counter mode
(GCM).

GCM mode combines encryption with authentication and integrity checks using a
cryptographic hash function and provides both confidentiality and authenticity
of data.

Other similar modes are:

* CCM: `Counter with CBC-MAC`
* CWC: `Cipher Block Chaining with Message Authentication Code`
* EAX: `Encrypt-and-Authenticate`
* IAPM: `Integer Authenticated Parallelizable Mode`
* OCB: `Offset Codebook Mode`

It is also possible to use AES-CBC with HMAC for integrity checks. However, it
is considered more straightforward to use AES-GCM directly instead.

==== For RSA: use the OAEP scheme

The Optimal Asymmetric Encryption Padding scheme (OAEP) adds randomness and a
secure hash function that strengthens the regular inner workings of RSA.