[Babel-users] Blake2S, blake2B or neither? [was: rather than ripemd160...]
Toke Høiland-Jørgensen
toke at toke.dk
Sat Dec 1 19:09:59 GMT 2018
Juliusz Chroboczek <jch at irif.fr> writes:
>>> (1) leave the document as it is;
>>> (2) add a mention that implementation of Blake2S is RECOMMENDED (SHOULD);
>>> (3) add a mention that implementation of Blake2B is RECOMMENDED;
>>> (4) add a mention that implementation of both 2B and 2S is RECOMMENDED.
>
>> I'm in favour of (2).
>
> Where is Blake2S-based HMAC defined? RFC 7693 merely says:
>
> BLAKE2 does not require
> a special "HMAC" (Hashed Message Authentication Code) construction
> for keyed message authentication as it has a built-in keying
> mechanism.
>
> but it does not appear to clearly define the HMAC construction.
Section 3.3 simply says:
If a secret key is used (kk > 0), it is padded with zero bytes and
set as d[0]. Otherwise, d[0] is the first data block. The final
data block d[dd-1] is also padded with zero to "bb" bytes (16 words).
-Toke
More information about the Babel-users
mailing list