[Cryptography] let's kill md5sum!

EddyHawk quarsicon at yahoo.com
Tue Jun 9 05:48:47 EDT 2015


Dear Zooko Wilcox-O'Hearn & cryptology list members,


The way I see it, the new *sum will need to fully accommodate both crypto &
non-crypto use, while b2sum doesn't yet achieve those by using blake2:
-non-crypto people will be more compelled to replace md5sum with b2sum
 only if blake2 is uniformly faster than md5 (i.e., faster without ssse3+
 instructions)
-blake2 favors speed over attack-safety (most notably, by the removal of
 all constants for its compression function). Crypto-worry people don't seem
 to like such reduced security. They may accept a few less steps, but not
 a weakened compression function.

For that, I suggest modified blake2 (blake2x? blake3?) for the new *sum
which:
-returns all/some of blake constants for compression function to satisfy
 crypto-worry users.
-introduces (double amount) finalization, like siphash's approach, say
 4 or 6 or 8 rounds for hashing & 8 or 12 or 16 rounds for finalization,
 to be uniformly faster than md5.

Blake2 is already very good, but perhaps these changes to blake2 could
increase its acceptance to all potential users.


Best regards,
EddyHawk

