[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5

Bill Cox waywardgeek at gmail.com
Mon Mar 24 00:02:50 EDT 2014

On Sun, Mar 23, 2014 at 10:15 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Bill Frantz <frantz at pwpconsult.com> writes:
> The SHA-3 competition has actually lead to a somewhat odd situation in which,
> due to the new analysis techniques introduced for that, we now know that SHA-2
> is actually quite strong (not to mention faster, and already widely deployed).
> This is limiting the rush to SHA-3 in a manner that wasn't present for AES.
> Peter.

The SHA-3 competition also seems to have led to an unfortunate case of
foot-in-mouth over changing the security requirements after picking
the winner, to a weaker standard, scaring the heck out of those of us
who know about the competition, but have no clue what they're actually
doing.  Especially after all the Snowden leaks... I bet this really
frustrates the SHA-3 judges.

Also, while Keccak does sound cool, the reasons for choosing over
Blake2 are reasons I would have avoided it.  As discussed above, being
like SHA2 should likely be considered a good thing now, and being more
efficient in hardware, IMO, should generally be considered a bad
thing, and certainly not a reason for choosing the SHA3 winner.
However, I only know about a small subset of the security field, and
in protecting passwords, it's critical to find algorithms that are
inefficient in hardware.  Someone suggested Keccat on the PHC list,
and I think it went over like a lead balloon.


More information about the cryptography mailing list