Cryptography in .NET. Where Security Guarantees End

I'll show you what System.Security.Cryptography actually does on Windows, Linux, and macOS. I will show vulnerabilities of typical defaults AES-CBC, RSA-2048, PBKDF2. I will offer secure analogues of the same classes: AEAD-modes, RSA-PSS/OAEP, “long” PBKDF2 or Argon2, as well as modern additions ChaCha20, SHA-3 and the first post-quantum KEM. I'll wrap up with a checklist on “How to configure properly”.