Author Topic: Add the BLAKE2s hash algorithm + Removing legacy/bugged Algorithms  (Read 22237 times)

Offline heavensrevenge

  • Normal Members
  • *
  • Posts: 2
  • Know Thyself
Mainly:
I am requesting that the BLAKE2s hash algorithm be added to the hashes that can generate passwords. http://www.dchest.org/blake2s-js/ is a nice example of it and http://jsperf.com/sha512-md5/14 is a benchmark concerning BLAKE2s from a while ago.  It is both cryptographically strong and quite fast/efficient to compute even in JavaScript as those jsperf tests show.

Possibly:
This isn't as important, would it be about time to remove the hash versions from old versions of this tool that were bugged and have a reduced character sets that probably aren't needed to stick around any longer?

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Re: Add the BLAKE2s hash algorithm + Removing legacy/bugged Algorithms
« Reply #1 on: May 18, 2014, 09:00:49 PM »
I took a quick look at PHP, and saw what the hash function there doesn't appear to support it. Looking further, it seems it may be a while before we see wide use of that algorithm. PasswordMaker doesn't support SHA3, and BLAKE was in the top 5 for that.

Then there's the Java (Android and desktop) and Python versions (which I'm not a part of, so I'm not sure what they use to calculate the hashes). If you can find whoever handle those versions, maybe they can chime in on how easy it would be to add. Then there's the issue of having the Firefox version updated.

For the most part, the JS based versions will be easy to add this to (And we should add SHA3 as well), the other languages however...

While I can see removing it from new versions (at least the broken HMAC-SHA256 as the bug there is nuts), I'm sure if there's anyone still using it, it would be bad for them. My stand, if you have already support them, keep it, if not, don't worry about adding it.
"I'm not drunk, just sleep deprived."

Offline heavensrevenge

  • Normal Members
  • *
  • Posts: 2
  • Know Thyself
Re: Add the BLAKE2s hash algorithm + Removing legacy/bugged Algorithms
« Reply #2 on: May 18, 2014, 09:42:41 PM »
Luckily there are a whole bunch of language implementations on the official page https://blake2.net/ :) It was in the SHA3 competition but... Keccak is very... wonky.

While I see what you mean for backward compatibility, what are the chances someone would willingly use a bugged version of the algorithm and not move to the new and correct function by now?  Most likely... no-one would want to willingly use the bugged & version specific ones after this amount of time right?  Basically we'd need a poll to check whether or not to remove those bugged version and have people chime in and mention of their still using them for some ungodly reason.

It's too bad the PHP function removed Salsa, Salsa is a sweet cipher and is what the BLAKE2 function uses inside it's core. Have a read up on it sometime whenever you get the chance and see if you warm up to BLAKE2 as much as I have.  BLAKE2 is def my favourite modern hash function  :)

PasswordMaker Forums

Re: Add the BLAKE2s hash algorithm + Removing legacy/bugged Algorithms
« Reply #2 on: May 18, 2014, 09:42:41 PM »