[Cryptography] let's kill md5sum!
Zooko Wilcox-O'Hearn
zooko at leastauthority.com
Tue Jun 9 12:19:01 EDT 2015
On Tue, Jun 9, 2015 at 9:48 AM, EddyHawk <quarsicon at yahoo.com> wrote:
>
> -non-crypto people will be more compelled to replace md5sum with b2sum
> only if blake2 is uniformly faster than md5 (i.e., faster without ssse3+
> instructions)
I don't understand why this matters. BLAKE2 is faster than MD5 in
software in most cases, currently. Future CPUs will probably further
increase that.
> -blake2 favors speed over attack-safety (most notably, by the removal of
> all constants for its compression function). crypto-worry people don't seem
> to like such reduced security. they may accept a few less steps, but not a
> weakened compression function.
No, there's no known weakness in BLAKE2. Please see the security
analysis in https://blake2.net/#cr and in
https://blake2.net/blake2_20130129.pdf .
> -introduces (double amount) finalization, like siphash's approach, say
> 4 or 6 or 8 rounds for hashing & 8 or 12 or 16 rounds for finalization,
> to be uniformly faster than md5.
BLAKE2 as currently specified already has a finalization step
(preventing length-extension attacks) and is already faster than MD5
(in most cases).
Thanks!
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO, and Customer Support Rep
https://LeastAuthority.com — Freedom matters.
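The thread is about replacing md5sum with b2sum for file integrity checks. The following is an added example, not code from the thread or from the BLAKE2 project: a minimal b2sum-style checksum writer and verifier built on Python's `hashlib.blake2b`, using the same `<hex>  <name>` line format coreutils emits. It also shows BLAKE2's built-in keyed mode, which turns a checksum file into a MAC so an attacker who can rewrite the files cannot simply regenerate matching sums. The file names, key and file contents are constructed for the demo; `DIGEST_BYTES` mirrors b2sum's default of BLAKE2b-512.

```python
"""Added example: b2sum-style checksum file using BLAKE2b (not from the thread)."""
import hashlib
import hmac
import os
import tempfile

DIGEST_BYTES = 64  # b2sum default: BLAKE2b-512 (assumption: mirrors coreutils' default)


def blake2_bytes(data, key=b"", digest_size=DIGEST_BYTES):
    """Hex digest of an in-memory buffer; key="" gives the plain hash."""
    return hashlib.blake2b(data, digest_size=digest_size, key=key).hexdigest()


def blake2_file(path, key=b"", digest_size=DIGEST_BYTES, chunk=1 << 20):
    """Stream a file through BLAKE2b so large artifacts are not read into memory."""
    h = hashlib.blake2b(digest_size=digest_size, key=key)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def write_checksums(paths, key=b""):
    """Return checksum lines in the coreutils format: '<hex>  <name>'."""
    return "".join(f"{blake2_file(p, key)}  {p}\n" for p in paths)


def verify_checksums(lines, key=b""):
    """Re-hash each listed file; report OK, FAILED or MISSING per file.

    Digest comparison uses hmac.compare_digest so a verifier that also
    holds the key does not leak match length through timing.
    """
    results = {}
    for line in lines.splitlines():
        if not line.strip():
            continue
        digest, name = line.split("  ", 1)
        try:
            actual = blake2_file(name, key)
        except OSError:
            results[name] = "MISSING"
            continue
        results[name] = "OK" if hmac.compare_digest(actual, digest) else "FAILED"
    return results


def demo():
    """Constructed scenario: two files, a keyed checksum file, then tampering.

    Returns (results before tampering, after tampering, with the wrong key).
    """
    d = tempfile.mkdtemp()
    a, b = os.path.join(d, "a.txt"), os.path.join(d, "b.txt")
    with open(a, "wb") as f:
        f.write(b"release tarball stand-in\n")  # constructed content
    with open(b, "wb") as f:
        f.write(b"second artifact\n")  # constructed content
    key = b"constructed demo key"  # in practice: a secret held by the verifier
    sums = write_checksums([a, b], key)
    before = verify_checksums(sums, key)
    with open(b, "ab") as f:
        f.write(b"tampered\n")  # simulate modification after signing
    after = verify_checksums(sums, key)
    wrong_key = verify_checksums(sums, b"other key")
    return before, after, wrong_key


if __name__ == "__main__":
    for label, res in zip(("before", "after tampering", "wrong key"), demo()):
        print(label, res)
```

Without a key the output lines are interchangeable with `b2sum -c`; with a key, verification requires the same key, which is the property a plain md5sum or unkeyed b2sum file does not give you against an attacker who controls both the artifacts and the checksum file.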