Cryptographic Agility Questions
Are you trying to change your application cryptography? Here are some common cases and recommendations.
Is this encrypted data coming through a query or request parameter?
Put the new version in a different parameter and only read it with the new code. If the new parameter is populated, do not read the old parameter. Bind the version to the encrypted message with authenticated encryption with associated data (AEAD) so that only the appropriate decryption function will successfully decrypt it.
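The parameter split and version binding described above, as an added Node.js example (not code from the original page). The parameter names `token` and `token_v2`, the version labels, the token layout and the use of AES-256-GCM for both versions are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Hypothetical parameter names: old code reads "token", new code reads "token_v2".
const PARAMS = { v1: "token", v2: "token_v2" };

// Encrypt with the version label as associated data: authenticated, not encrypted.
// Assumed token layout: 12-byte IV || 16-byte tag || ciphertext, base64url-encoded.
function seal(version, key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(version, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64url");
}

// Decrypt under the version the caller expects; a different label fails the tag check.
function open(version, key, token) {
  const raw = Buffer.from(token, "base64url");
  if (raw.length < 28) throw new Error("token too short");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(version, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// New-code reader: if the new parameter is populated, the old one is never read,
// even when the new value fails to decrypt (no fallback, so no downgrade path).
function readToken(query, keys) {
  const version = query.get(PARAMS.v2) ? "v2" : "v1";
  const value = query.get(PARAMS[version]);
  if (!value) return { ok: false, version, error: "missing" };
  try {
    return { ok: true, version, data: open(version, keys[version], value) };
  } catch (e) {
    return { ok: false, version, error: "decrypt failed" };
  }
}

// Constructed sample: a v1 token replayed in the v2 parameter is rejected.
const sampleKeys = { v1: crypto.randomBytes(32), v2: crypto.randomBytes(32) };
const replayed = new URLSearchParams({ token_v2: seal("v1", sampleKeys.v1, "user=42") });
console.log(readToken(replayed, sampleKeys));
```

Because the version label is part of the authenticated data, the rejection holds even if both versions were ever configured with the same key.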
I encrypt the data and the client uses it as a token, but I cannot update the client, what can I do?
What if this is a database field?
What about TLS ciphers?
See TLS Migrations.
I was using MD5 for passwords, what should I do?
See Password Migrations.