Thread: BLAKE2: A New Alternative To MD5 & SHA-2/SHA-3

  1. #1
    Join Date
    Jan 2007
    Posts
    15,179

    BLAKE2: A New Alternative To MD5 & SHA-2/SHA-3

    Phoronix: BLAKE2: A New Alternative To MD5 & SHA-2/SHA-3

    For those interested in cryptography, BLAKE2 has been announced as a new alternative for MD5 and SHA-2/3 algorithms. The benefit of BLAKE2 is better security than MD5 while being higher performance in software...

    http://www.phoronix.com/vr.php?view=MTI2MDY

  2. #2
    Join Date
    Jun 2006
    Posts
    358

    So instead of using the winner of the SHA-3 competition or even one of the finalists that were under a lot of checks and scrutiny, let's take one of those finalists, redesign it and call it better? 4real?

  3. #3
    Join Date
    Dec 2009
    Posts
    492

    I'm having problems convincing others they should use SHA2 over MD5, let alone SHA3. Bringing an exotic solution to the table would put me in an awkward position.
    It's good there's research in the area, maybe this will grow into SHA4. But I don't think it's worth raving about it just yet.

  4. #4
    Join Date
    Sep 2009
    Posts
    119

    Improved performance isn't necessarily a good thing, when it comes to these sorts of hash functions. The faster a hash function, the easier it is to brute-force. When Intel added SHA hardware instructions, they weren't necessarily making SHA better, they were bringing it closer to obsolescence (for certain applications.)

  5. #5
    Join Date
    Jan 2009
    Posts
    1,445

    Quote Originally Posted by Licaon View Post
    So instead of using the winner of the SHA-3 competition or even one of the finalists that were under a lot of checks and scrutiny, let's take one of those finalists, redesign it and call it better? 4real?
    The article claimed BLAKE2 was a finalist. According to this link, http://crypto.junod.info/2010/12/10/...unced-by-nist/, it was a finalist (well, BLAKE was, I'm assuming BLAKE2 is simply a different implementation).

  6. #6
    Join Date
    Nov 2010
    Posts
    80

    Quote Originally Posted by MaxToTheMax View Post
    Improved performance isn't necessarily a good thing, when it comes to these sorts of hash functions. The faster a hash function, the easier it is to brute-force. When Intel added SHA hardware instructions, they weren't necessarily making SHA better, they were bringing it closer to obsolescence (for certain applications.)
    Exactly.

    (I need to make my message at least 10 chars long. What a stupid CMS.)

  7. #7
    Join Date
    Dec 2012
    Posts
    558

    Quote Originally Posted by MaxToTheMax View Post
    Improved performance isn't necessarily a good thing, when it comes to these sorts of hash functions. The faster a hash function, the easier it is to brute-force. When Intel added SHA hardware instructions, they weren't necessarily making SHA better, they were bringing it closer to obsolescence (for certain applications.)
    Keccak and Sha2-256 or greater can't be brute forced. Their key spaces are within 3 orders of magnitude of the estimated number of atoms in the universe. It would take billions of years with all our available computational power to cover them. Hell, a 128 bit keyspace is currently completely impossible to brute force as well, but that is only a problem at a galactic scale rather than a universal one.

    And if you really wanted to be OCD, 512 bit keyspace (or just 384) is laughably impossible to even consider brute forcing. But 256 bit is already impossible. The lowest used key space for either algorithm is 224 bits, which is just as crazy. Here is the wikipedia entry on 128 bit vs 256 bit keyspace brute forcing:

    AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. A device that could check a billion billion (10^18) AES keys per second (if such a device could ever be made - as of 2012, supercomputers have computing capacities of 20 Peta-FLOPS, see Titan. So 50 supercomputers would be required to process (10^18) operations per second) would in theory require about 3×10^51 years to exhaust the 256-bit key space.
    Keccak is already supposed to be really easy on cycles though, right? The real tradeoff here isn't size of key storage vs execution time to have a secure key. The question isn't if you can brute force it, but if the algorithm has a vulnerability to reduce a 128 bit or 256 bit keyspace into a solvable problem.
    Last edited by zanny; 12-24-2012 at 08:00 PM.

  8. #8
    Join Date
    Nov 2007
    Posts
    1,024

    Quote Originally Posted by zanny View Post
    Keccak and Sha2-256 or greater can't be brute forced.
    All well said. Put in simpler terms for the simpler readers: these speedups mentioned are all linear, and while a linear improvement in hash computation is pleasantly noticeable when you're trying to compute hashes for a few hundred files while making a git commit or something like that, it is completely irrelevant when trying to search a ridiculously huge hash space. One thousandth of the time of "practically forever" is still "practically forever."
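
The argument in posts #7 and #8, worked as an added example (it is not part of the thread or of any poster's message): a brute-force search against a truncated BLAKE2b digest, where each extra bit doubles the expected work, next to the time needed to exhaust a full-width space with and without a 1000x speedup. The sample input, the counter-based candidate messages and all function names are assumptions made for the illustration.

```python
import hashlib
from itertools import count

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def truncated(data: bytes, bits: int) -> int:
    """First `bits` bits (bits <= 64) of the BLAKE2b digest, as an integer."""
    digest = hashlib.blake2b(data).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - bits)


def brute_force(target: int, bits: int):
    """Hash counter-derived messages until one matches `target`.

    Returns (message, attempts). Expected attempts are about 2**bits,
    so this is only practical for small truncation widths.
    """
    for attempts in count(1):
        candidate = str(attempts).encode()
        if truncated(candidate, bits) == target:
            return candidate, attempts


def measure(bit_sizes=(8, 12, 16), secret=b"constructed sample input"):
    """Attempts needed to match the truncated digest of `secret` per width."""
    return {b: brute_force(truncated(secret, b), b)[1] for b in bit_sizes}


def years_to_exhaust(bits: int, hashes_per_second: float) -> float:
    """Years needed to try every value of a `bits`-bit space at a fixed rate."""
    return 2 ** bits / hashes_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Exponential part: work grows with the digest width, not the hash speed.
    for bits, attempts in measure().items():
        print(f"{bits:2d}-bit truncation: matched after {attempts} attempts "
              f"(2**{bits} = {2 ** bits})")

    # Linear part: a 1000x faster hash only removes three zeros from the total.
    for bits in (128, 224, 256):
        for rate in (1e18, 1e21):
            print(f"{bits}-bit space at {rate:.0e} hashes/s: "
                  f"{years_to_exhaust(bits, rate):.2e} years")
```

Individual attempt counts scatter around 2^bits because the search is a sequence of independent trials; the doubling per bit is the trend, not a guarantee for each run.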

  9. #9
    Join Date
    Jun 2006
    Posts
    358

    Quote Originally Posted by liam View Post
    The article claimed BLAKE2 was a finalist. According to this link, http://crypto.junod.info/2010/12/10/...unced-by-nist/, it was a finalist (well, BLAKE was, I'm assuming BLAKE2 is simply a different implementation).
    So decide already, it was either a finalist or a redesign, it can't be both.

  10. #10
    Join Date
    Jan 2009
    Posts
    1,445

    Quote Originally Posted by Licaon View Post
    So decide already, it was either a finalist or a redesign, it can't be both.
    The algorithm was clearly a finalist but I don't know if blake2 is the same code as that which was in the competition.
    So, as I said, it may be a reimplementation of a sha3 finalist algorithm.
