Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [blake2]

BLAKE2 is a cryptographic hash function based on the SHA-3 finalist BLAKE

BLAKE2 is a cryptographic hash function. It is based on BLAKE which was originally designed for the SHA-3 competition where it became a finalist, but was not chosen as SHA-3.

It in based on the round function and has two variants:

  • BLAKE2b, using 64-bit words like ChaCha, 12 rounds, and producing hashes up to 512 bits.
  • BLAKE2s, using 32-bit words, 10 rounds, and producing hashes up to 256 bits.

Both variants also have parallel hash modes.

See also:

49 questions
60
votes
2 answers

What advantages does Keccak/SHA-3 have over BLAKE2?

Keccak/SHA-3 is new NIST standard for cryptographic hash functions. However, it is much slower than BLAKE2 in software implementations. Does Keccak have compensating advantages?
Demi
  • 4,853
  • 1
  • 22
  • 40
16
votes
3 answers

Why is the core ChaCha primitive not good for use in a CRCF? Why create BLAKE?

Why is the core ChaCha primitive not good for use in a collision-resistant compression function (crypto hash)? Why go through the trouble to create BLAKE? What's wrong with using the core ChaCha primitive unaltered in a Merkle–Damgård like…
Charlie
  • 384
  • 1
  • 10
11
votes
1 answer

Should I use SHA256 or Blake2 to checksum and sign scrypt headers?

I use scrypt as a key derivation function (not to store passwords). To pass around the detached key header I use the standard encoding as implemented in Colin Percival's scrypt implementation (scryptenc.c#L224). The original scrypt key header…
RobS
  • 113
  • 1
  • 1
  • 6
10
votes
1 answer

Why invent new hash functions for zero-knowledge proofs?

Recently, new hash functions were invented. Their primary purpose is serving the needs of zero-knowledge proof systems. I'm talking about Poseidon-256, Starkad-256, etc. See the paper. What is the main advantage of those hash functions against…
Paul Miller
  • 340
  • 1
  • 12
9
votes
0 answers

Why is BLAKE2 faster than chacha20?

Chacha20 is essentially a hash function that maps 512-bit strings to other 512-bit strings which are in turn xored with the plaintext to create the ciphertext. Of the 512-bit input 128-bit are used for the "expand 32-byte k" constant, 256-bit are…
Astolfo
  • 149
  • 3
9
votes
3 answers

Blake2 vs md5 for checksum / file integrity

I'm working on something that requires computing a checksum / file integrity. I've heard MD5 was no longer recommended. Should I use Blake2 instead? Is there a specific variant of Blake2 I should use for checksums? Blake2s? Blake2sp?
aroooo
  • 223
  • 2
  • 5
9
votes
2 answers

Argon2 with SHA-256 instead of Blake2

Can SHA-256 be substituted for Blake2 in the Argon2 algorithm? I am working my way through the C reference source code for Argon2 and hand-translating it to Go. I was just wondering why Blake2 was chosen instead a well-tested algorithm like SHA-256.
Ralph
  • 375
  • 1
  • 3
  • 8
8
votes
2 answers

BLAKE2: What is the difference between the salt and the personalization?

Libsodium builds their KDF on top of BLAKE2b: BLAKE2B-subkeylen(key=key, message={}, salt=subkey_id || {0}, personal=ctx || {0}) Besides the key, the function has two additional arguments: The subkey ID (a 8 byte value which is 0-padded and becomes…
Danilo Bargen
  • 181
  • 4
8
votes
3 answers

Blake2B as a KDF

How would one go about using vanilla keyed Blake2B as a KDF with high-entropy inputs. Assume I don't have access to more specialized algorithms such blake2XB, HKDF, etc. Salt - high entropy per-encryption salt (32 bytes) IKM - high entropy static…
hunter
  • 4,051
  • 6
  • 29
  • 42
6
votes
1 answer

Recommended key lengths for BLAKE2b

RFC 7693 provides the following table of standard parameter sets for BLAKE2b without a key (where nn is the hash size in bytes): | | Collision | Hash | | Algorithm | Security | nn | +-------------+-----------+------+ | BLAKE2b-160 |…
user42529
  • 123
  • 2
  • 5
6
votes
1 answer

Blake2: truncate 512-bit hash is safer than 256-bit by Config?

I need to calculate 256-bit hash in my code, using BLAKE2. I know I can set BLAKE2 to generate itself a 256-bits hash for any data but I´m curious to know what can be safer and faster: 1- Create the 256-bit using Blake2Config module; or 2- Truncate…
David BS
  • 197
  • 2
  • 6
5
votes
2 answers

Why blake2b is the fastest despite it being 512 bits hashing algorithm?

I am struggling to understand why blake2b is faster than blake2s, despite that blake2b is 512 bits hashing. I hope someone can clarify that for me. I read the official paper for blake2b, but I am not a very technical guy. I didn't understand much of…
Hinton Zsh
  • 361
  • 3
  • 10
5
votes
1 answer

Is Blake2b vulnerable to length extension attacks?

There are very few resources for Blake2b apart from the official documentation and website. I would like to know if Blake2b is not vulnerable to length extension attacks unlike SHA2. I would like your help as soon as possible.
Hinton Zsh
  • 361
  • 3
  • 10
5
votes
2 answers

Early propagation of carries in the BLAKE hash function

The BLAKE paper uses round constants derived from $\pi$ to improve diffusion, even if the additions modulo $2^{32}$ are replaced with bitwise XOR when processing a null message and null initial state: The higher weight in the original model is due…
forest
  • 15,626
  • 2
  • 49
  • 103
5
votes
2 answers

Is there any concrete reason to call BLAKE more secure than BLAKE2?

I read a blog article which discussed SHA-3. I noticed it mention that security was often compromised in the name of speed (not always a bad thing, of course). It gave some examples: What I'm saying is that although they care deeply about security,…
forest
  • 15,626
  • 2
  • 49
  • 103
1
2 3 4