Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: x/crypto/blake2[b|s]: Implement personalisation and salting #32447

Open
str4d opened this issue Jun 5, 2019 · 8 comments
Open

proposal: x/crypto/blake2[b|s]: Implement personalisation and salting #32447

str4d opened this issue Jun 5, 2019 · 8 comments

Comments

@str4d
Copy link

@str4d str4d commented Jun 5, 2019

The current implementations of BLAKE2b and BLAKE2s support both variable output lengths and keyed BLAKE2 (blake2b, blake2s), but do not yet enable setting the personalisation and salt sections of the parameter block. Personalisation in particular is becoming more commonplace in BLAKE2's usage within cryptographic protocols. It would be beneficial both inherently and for interoperability if the BLAKE2 implementations provided an interface for instantiating the digest state with a personalisation string and/or a salt.

@gopherbot gopherbot added this to the Proposal milestone Jun 5, 2019
@gopherbot gopherbot added the Proposal label Jun 5, 2019
@str4d
Copy link
Author

@str4d str4d commented Jun 5, 2019

@rsc rsc added the Proposal-Crypto label Jun 11, 2019
@tv42
Copy link

@tv42 tv42 commented Jun 13, 2019

For anyone looking for personalization/salt ASAP: I know of two abandoned projects that had that feature: https://github.com/codahale/blake2 and https://github.com/minio/blake2b-simd

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Mar 10, 2020

Sounds like the API would look like

type Options struct {
    Size uint32
    Key []byte
    Personalization string
    Salt []byte
}

func NewWithOptions(*Options) hash.Hash

func NewXOFWithOptions(*Options) XOF

Anybody see any way to simplify it?

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Mar 10, 2020

Do we need for both Blake2b and Blake2s? The latter doesn't even have arbitrary size hashes right now. #32417

@tv42
Copy link

@tv42 tv42 commented Mar 27, 2020

Perhaps it's worth noting that blake3 switched away from salt & personalization. It still has derive_key (constant string, hash material) and keyed_hash (hash material, key) modes. So personalization & salt might not end up seeing as much adoption as they would have if blake3 hadn't happened.

@elichai
Copy link

@elichai elichai commented Oct 13, 2020

Sounds like the API would look like

type Options struct {
    Size uint32
    Key []byte
    Personalization string
    Salt []byte
}

func NewWithOptions(*Options) hash.Hash

func NewXOFWithOptions(*Options) XOF

Anybody see any way to simplify it?

Why is size needed for non-XOF hashes?

I think it's either this API or a builder-pattern of sort, where you optionally input key/salt/personalization

Perhaps it's worth noting that blake3 switched away from salt & personalization. It still has derive_key (constant string, hash material) and keyed_hash (hash material, key) modes. So personalization & salt might not end up seeing as much adoption as they would have if blake3 hadn't happened.

I don't think we should consider blake3 here, it's way newer than blake2 and will take time before it can be considered a good choice for real world security applications IMO ( https://twitter.com/oconnor663/status/1257078936917377024 )

I'd really like to see this API implemented, I consider domain separation a huge security feature

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Oct 15, 2020

Why is size needed for non-XOF hashes?

How would you select the hash output size otherwise?

@elichai
Copy link

@elichai elichai commented Oct 15, 2020

Why is size needed for non-XOF hashes?

How would you select the hash output size otherwise?

i'd add the options to the New256/New384/New512 but I guess it's too late for that, and adding 3 more functions might be too much

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.