portable icon indicating copy to clipboard operation
portable copied to clipboard

Published 20 hours ago verified publisher icon libressl

Add support for Blake2

Open yonas opened this issue 8 years ago • 7 comments

OpenSSL 1.1.0 will be shipping with Blake2 support:

https://github.com/openssl/openssl/commit/208527a75dd9584e2715c0eebcfad8c730d0dfae https://github.com/openssl/openssl/pull/566

yonas avatar Jun 18 '16 11:06 yonas

OpenSSL also ships with many wonderful things we have either deleted, or are waiting to see if they are viable and worth the attack surface. Do you have an actual use case for this? If so we will consider it

bob-beck avatar Jul 14 '16 02:07 bob-beck

(Disclosure: I'm one of the co-authors of BLAKE2.)

My use of BLAKE2 is in the Proof-of-Work in our upcoming cryptocurrency — https://z.cash . However, our current implementation doesn't use openssl or libressl — it uses libsodium instead.

Here is a list of crypto libraries and whether or not they support BLAKE2. Someone should add libressl to this matrix. :-) https://en.wikipedia.org/wiki/Comparison_of_cryptography_libraries#Hash_functions

Here are some other people's uses of BLAKE2: https://blake2.net/#us

Here is my argument for why BLAKE2 is great for a whole class of use cases that SHA2 and SHA3 are not good for, namely the "Big Data" use cases: https://blake2.net/acns/slides.html

In fact, MD5 and SHA1 continue to be the most widely-used hash functions for the "Big Data" use cases, even in new designs!

Note that the performance numbers in those slides are obsolete — modern BLAKE2 implementations have even better performance than is shown there.

zookozcash avatar Aug 24 '16 17:08 zookozcash

Totally forgot to come back to this. Thanks @zookozcash !

yonas avatar Aug 24 '16 17:08 yonas

@bob-beck Will the LibreSSL team add support for Blake2? What is the timeline for this?

yonas avatar Sep 07 '16 13:09 yonas

Blake2 is used by libsodium as well as Argon2.

DemiMarie avatar Jun 20 '17 18:06 DemiMarie

WireGuard also uses BLAKE2. (IPsec vs. OpenVPN vs. WireGuard is an entirely different topic here, though.) Some package management systems like Portage and FreeBSD pkg also support the algorithm for package metadata.

Since BLAKE2 (and its predecessor) shares the core operation with ChaCha which is already available in LibreSSL and used as arc4random in recent OpenBSD, the hash algorithm itself seems not so exotic to LibreSSL. The final decision is, however, up to you, of course.

omasanori avatar Aug 19 '19 09:08 omasanori

CPython ships with copies of BLAKE2 and SHA3 implementations. As maintainer of Python's hashlib and ssl stdlib modules I'm planning to remove the copy and use SHA3 and BLAKE2 from libcrypto. OpenSSL supports both algorithm families in OpenSSL 1.1.1 and BLAKE2 MAC since 3.0.0.

Also see https://github.com/libressl-portable/portable/issues/455

tiran avatar May 23 '20 11:05 tiran