proposal: x/crypto/blake2b: support arbitrary length digests #22751
Comments
|
The problem is that users may use too short hash values. The package tries to achieve a security level of at least 128 bit. See also RFC 7693 However I'm currently working on #19896 which requires arbitrary digest sizes. |
Ah! That's why you didn't include
Agreed. For a little context here: I was writing a golang implementation of libsodium's sealed box. It's the same as NaCl's sealed box except it specifies the creation of the nonce as |
Correct -However it's still available here.
That sounds like a use case for a XOF like BLAKE2x, SHA3 / SHAKE or Kangaroo 12. |
|
Too-short hash values may have legitimate use-cases, like birthday paradox proof-of-work where hash collisions are what you're trying to find, e.g. equihash. If you're aiming for a very short proof-of-work period, you need a very short hash. The XOF doc says "Note that an ℓ smaller or equal than 64 is acceptable, there’s just no reason to use it since BLAKE2b already provides hashes of 64 bytes or less". From that comment, it seems to me that arbitrary length BLAKE2b was intended. |
|
@sporkmonger
Sure, the problem is that users may use a too short hash to achieve collision resistance. However the BLAKE2b package will support arbitrary hash sizes because of Argon2. |
|
Fixed by #19896 - Can be closed. |
|
Thanks! |
Upstream blake2b has been updated to allow arbitrary digest sizes. My private copy is no longer needed. See golang/go#22751 for more info.
Blake2b supports digests between 1-64 bytes, but the blake2b library only exposes three of the standard digest sizes. Ideally, the library would support an arbitrary digest size between 1 and 64.
It looks like the logic is already there in the newDigest function. It's just a matter of exposing it.
The text was updated successfully, but these errors were encountered: