Algorithm and key size to choose for SSL certificates (security and CPU wise) in 2020 (using nginx)

I posted this question already on SO, but as it is not really a programming question I thought it might be a better place to ask here:

I want to set up a new SSL certificate store for generating SSL certs (server certs (nginx) and client certs (linux/windows devices)).

I’m searching already for quite some time and I’m not sure I fully understand, especially as some articles are a few years old.

Many articles just talk about RSA and seem to recommend 2048 or 3072, though mentioning that 2048 is today probably still the best choice ( https://expeditedsecurity.com/blog/measuring-ssl-rsa-keys/ ).

I found, for example, one article ( https://paragonie.com/blog/2019/03/definitive-2019-guide-cryptographic-key-sizes-and-algorithm-recommendations ), but it seems to talk mostly about key encryption, as @dave_thompson_085 pointed out on SO,

stating in the section “Asymmetric (“Public Key”) Encryption”

Use, in order of preference:

- X25519 (for which the key size never changes) then symmetric encryption.
- ECDH with secp256r1 (for which the key size never changes) then symmetric encryption.
- RSA with 2048-bit keys.

The security of a 256-bit elliptic curve cryptography key is about even with 3072-bit RSA.

Although many organizations are recommending migrating from 2048-bit RSA to 3072-bit RSA (or even 4096-bit RSA) in the coming years, don't follow that recommendation. Instead migrate from RSA to elliptic curve cryptography, and then breathe easy while you keep an eye out for post-quantum cryptography recommendations.

However, they don’t mention the impact on server CPU usage compared to RSA 2048/3072/4048. I also didn’t find many other articles suggesting to switch to elliptic curve algorithms.

Another article ( https://www.thesslstore.com/blog/you-should-be-using-ecc-for-your-ssl-tls-certificates/ ) tries to promote ECC instead of RSA, but comments on the article state that ECC is less safe than RSA if quantum computers kick in. And the article nowhere cites numbers for what performance improvement to expect when using ECC.

https://crypto.stackexchange.com/questions/1190/why-is-elliptic-curve-cryptography-not-widely-used-compared-to-rsa mentions potential legal issues and fear of being sued.

Though CPU usage is not a major issue, I’d still like to get some idea, as I’d like to use the same CA and cert store also on devices like raspberries.

So what is today the best choice for certificate key algorithms and key sizes for server certs (old Internet Explorer not required, but PCs, tablets, mobile phones being used today should be able to connect to the server),

and what’s the best choice for client certs (will not be used on mobile devices)?

I kind of tend to RSA 2048, but I’m really not that sure I interpret all the articles correctly and don’t like to make choices based on feelings.

Is there any hash library with 3-wise independent hash functions in Python?

So I was looking for a hash family with 3-wise independent hash functions. I know the theory behind it, and coding it is not super difficult, but I actually need very good accuracy. So it would be actually nice if I could use a library which is already defined in Python. Is there any such library with 3-wise independent hash functions? I googled it but didn’t get any proper answer.
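
The textbook construction behind the question above is a random degree-2 polynomial over a prime field; the following is an added example, not part of the original post and not taken from any library. The class name `ThreeWiseHash`, the helper `is_exactly_three_wise` and the choice of the prime 2^61 - 1 are assumptions made for illustration.

```python
import secrets

# Mersenne prime 2**61 - 1: the field GF(P) that keys and hash values live in
# (an assumed choice; any prime larger than the key universe works).
P = (1 << 61) - 1


class ThreeWiseHash:
    """h(x) = a*x^2 + b*x + c mod p, with (a, b, c) uniform in GF(p)^3."""

    def __init__(self, p=P, coeffs=None):
        self.p = p
        if coeffs is None:
            # Draw the three coefficients from the OS CSPRNG.
            coeffs = tuple(secrets.randbelow(p) for _ in range(3))
        self.a, self.b, self.c = coeffs

    def __call__(self, x):
        if not 0 <= x < self.p:
            raise ValueError("key must be an integer in [0, p)")
        # Horner evaluation of the degree-2 polynomial.
        return ((self.a * x + self.b) * x + self.c) % self.p


def is_exactly_three_wise(p, keys):
    """Enumerate the whole family over a small GF(p) and check that every
    triple of outputs for the three given keys is produced by exactly one
    member of the family, i.e. the outputs are uniform and independent."""
    counts = {}
    for a in range(p):
        for b in range(p):
            for c in range(p):
                h = ThreeWiseHash(p, (a, b, c))
                out = tuple(h(k) for k in keys)
                counts[out] = counts.get(out, 0) + 1
    return len(counts) == p ** 3 and set(counts.values()) == {1}


if __name__ == "__main__":
    h = ThreeWiseHash()
    print([h(k) for k in (1, 2, 3)])
    print(is_exactly_three_wise(7, (0, 3, 5)))
```

Exact 3-wise independence holds for outputs in [0, p) and for distinct keys; reducing the result modulo a smaller table size introduces a small bias unless that size divides p.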

How to get data from database week wise between two given dates?

I have a SQL database where I saved data of all dates in a table. What I want is: if given any two dates, I want all the data between those two dates in weekly format, where the week starts on Monday. If the given date starts with Thursday, for example, the data from Thursday to Sunday should be displayed as a week's data.

I give you one example. If I choose start date 08-01-2020 and end date 08-03-2020. Now this is a two-month gap and there are probably 30 days. I want data of those 30 days, but week wise from Monday to Sunday. But here the given start date is on Wednesday, so that week's data would start from Wednesday and end on Sunday.

Hope you got my point. Thanks in advance.

Is it wise to completely rely on OAuth2 for new users and not have our own login (with username and password) system?

My question is: Is it fine to build applications where the user login is completely handled by OAuth2 and services like that? That way we do not have to have our own password database for the users. How good would this approach be, keeping in mind the user experience? Also, would it be easy to implement multi-factor authentication with this approach?

Magento2: Store wise css

We have multiple stores. How can we apply store wise CSS? Each store has a different home page, and all other pages differ too.

I am thinking of adding the store code to the body class to identify the store.

Like:

<body data-container="body" class="<store-code> customer-account-login page-layout-1column ajax-loading" aria-busy="true"> 

Is this a proper method?

Why is it wise, from a security POV, to have sessions expire?

It is a common practice to have sessions expire for users when they are logged in for a long period, especially if they are inactive. I’ve seen this particularly employed in systems where sensitive information is available.

But what practical use does this serve, other than the unlikely scenario that a user’s computer becomes taken over (voluntarily or involuntarily) by another person? Having sessions expire is a mild annoyance for people having to log back into platforms. Is it merited?