Hash functions - Blake2 Edition

Also I can’t imagine why would you use anything aside of one time pad, pen and paper, it’s the golden standard, anything else is zoomed and cringe.

> What a load of shit. Why not just use keccak or sha3, nobody will switch to your zoomer shit unless these two are broken. The first rule of crypto, that is don’t roll your own algo.
First of all, I'm still so confused about SHA3/keccak. According to wiki SHA3 is a subset of keccak. Therefor SHA3 = keccak? Someone really needs to clear that up

I'm not rolling my own hash function, just trying to optimize the previous algorithm to current standards. Right now Blake2 seems to be the hottest shit around and apparently has undergone more research than keccak. So why not?

SHA3 is standard based on a competition of various hash functions. it happened between 2008 and 2012 during which the competing hash functions were analyzed, observed, improved, etc. lots of public effort was involved.
Kekkac, BLAKE and three more made it to the final round. Kekkac won the SHA3 competition and thus was decided to become SHA3. thus yes, Kekkac == SHA3.
see en.wikipedia.org/wiki/NIST_hash_function_competition
same story with AES (originally Rijndael)

> Kekkac == SHA3.
Thank you so much user. Should be wiki headline tbqh

the "subset" here might means that it also decided on parameters such as number of rounds, block sizes, etc. there can be lots of variables and configurations

>people still using hass functions
Fucking plebs
I hope you at least protect your algorithms and code from collisions

cope maor

Attached: pigeonhole-principle.jpg (768x661, 68K)

Not an argument.
I have seen very bad practices when using hash functions.
People make programs for today, not for tomorrow or the next year.

capacity and output size would be the next step. I'm on it.

why not give us a quick rundown on proper hash function usage user? would love to get the H(BoggPill)

Attached: 1553533913835.png (785x720, 577K)

>I hope you at least protect your algorithms and code from collisions
The probability of a collision occurring is so staggeringly low with digests over 200 bits as to be entirely negligible. If you randomly guess 1.52 * 10^35 256-digests, there's a 1 in 100 million chance of a collision. It's not even worth considering at that point.

kek
ever heard of hash table? literally every map, struct or whatever shit you are using is implemented using hash table, it is a golden standard decades-old datatype.

why should I care how fast my hashing function is? shouldn't I be targetting a slow enough speed that hashes will not be cracked?

depends on usecase, key derivation hash functions exist
taken from BLAKE2's FAQ
>Q: Why do you want BLAKE2 to be fast? Aren't fast hashes bad?
>A: You want your hash function to be fast if you are using it to compute the secure hash of a large amount of data, such as in distributed filesystems (e.g. Tahoe-LAFS), cloud storage systems (e.g. OpenStack Swift), intrusion detection systems (e.g. Samhain), integrity-checking local filesystems (e.g. ZFS), peer-to-peer file-sharing tools (e.g. BitTorrent), or version control systems (e.g. git). You only want your hash function to be slow if you're using it to "stretch" user-supplied passwords, in which case see the next question.
>Q: So I shouldn't use BLAKE2 for hashing user passwords?
>A: You shouldn't use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3. Instead you should use a password hashing function such as the PHC winner Argon2 with appropriate time and memory cost parameters, to mitigate the risk of bruteforce attacks—Argon2's core uses a variant of BLAKE2's permutation.

So what does the hash function look like?
I mean its just a function, write down the formula faggot

FUNCTION G( v[0..15], a, b, c, d, x, y )
| v[a] := (v[a] + v[b] + x) mod 2**w
| v[d] := (v[d] ^ v[a]) >>> R1
| v[c] := (v[c] + v[d]) mod 2**w
| v[b] := (v[b] ^ v[c]) >>> R2
| v[a] := (v[a] + v[b] + y) mod 2**w
| v[d] := (v[d] ^ v[a]) >>> R3
| v[c] := (v[c] + v[d]) mod 2**w
| v[b] := (v[b] ^ v[c]) >>> R4
| RETURN v[0..15]
END FUNCTION.

FUNCTION F( h[0..7], m[0..15], t, f )
| v[0..7] := h[0..7]
| v[8..15] := IV[0..7]
|
| v[12] := v[12] ^ (t mod 2**w)
| v[13] := v[13] ^ (t >> w)
|
| IF f = TRUE THEN
| | v[14] := v[14] ^ 0xFF..FF
| END IF.
|
| FOR i = 0 TO r - 1 DO
| | s[0..15] := SIGMA[i mod 10][0..15]
| |
| | v := G( v, 0, 4, 8, 12, m[s[ 0]], m[s[ 1]] )
| | v := G( v, 1, 5, 9, 13, m[s[ 2]], m[s[ 3]] )
| | v := G( v, 2, 6, 10, 14, m[s[ 4]], m[s[ 5]] )
| | v := G( v, 3, 7, 11, 15, m[s[ 6]], m[s[ 7]] )
| |
| | v := G( v, 0, 5, 10, 15, m[s[ 8]], m[s[ 9]] )
| | v := G( v, 1, 6, 11, 12, m[s[10]], m[s[11]] )
| | v := G( v, 2, 7, 8, 13, m[s[12]], m[s[13]] )
| | v := G( v, 3, 4, 9, 14, m[s[14]], m[s[15]] )
| END FOR
|
| FOR i = 0 TO 7 DO
| | h[i] := h[i] ^ v[i] ^ v[i + 8]
| END FOR.
|
| RETURN h[0..7]
END FUNCTION.

FUNCTION BLAKE2( d[0..dd-1], ll, kk, nn )
| h[0..7] := IV[0..7]
|
| h[0] := h[0] ^ 0x01010000 ^ (kk 1 THEN
| | FOR i = 0 TO dd - 2 DO
| | | h := F( h, d[i], (i + 1) * bb, FALSE )
| | END FOR.
| END IF.
|
| IF kk = 0 THEN
| | h := F( h, d[dd - 1], ll, TRUE )
| ELSE
| | h := F( h, d[dd - 1], ll + bb, TRUE )
| END IF.
|
| RETURN first "nn" bytes from little-endian word array h[].
END FUNCTION.

outplayed

Blowfish is the GOAT for password hashing

SHA-512 is good enough and supported everywhere. I hope that changes, but for now, it's a safer bet.

how is everything Schneier produced such trash?