BLAKE2 hash authors post code as RFC

  • Markku-Juhani Saarinen

Press/Media: Public Engagement Activities


BLAKE2 hash authors post code as RFC

Strong, fast, but NIST is wary

The authors of a NIST-commended (but left on the shelf) hashing suite have put their work forward for IETF (Internet Engineering Task Force) consideration.

The BLAKE system had the bittersweet honour of being highly rated by the National Institute of Standards and Technology (NIST) in several categories of the SHA-3 competition (announced in October 2012), but its similarity to SHA-2 counted against it.

In an RFC put up by BLAKE's author, cryptanalyst Jean-Philippe Aumasson (with editor Dr Markku-Juhani Saarinen of Queen's University Belfast) says his intent is to make both BLAKE2 and its C code available to the Internet community for hashing and as a message authentication code (MAC).

Two flavours of the hash/MAC code are offered, one for 64-bit architectures and the other for 8-to-32-bit systems.

In RFC 7693, the authors claim their system is more efficient than SHA and HMAC-SHA, and can act as a "more secure drop-in replacement to MD5 and HMAC-MD5 in legacy applications."

Why would anyone bother? For that, it's worth delving back into the 2012 NIST report. The SHA-3 competition was a serious effort: a five-year process that started back in 2007.

The analysis NIST published listed BLAKE as a top-two candidate in software performance (the other being called Skein) and in hardware implementations. It also assigned BLAKE a high security margin along with an implementation put forward by the Keccac team; and it had already been subject to deep analysis to prove its strength.

However, it didn't meet the grade because one of the conditions of the SHA-3 competition was that submissions not be similar to SHA-2: the competition was conceived shortly after SHA-1's cracks started showing, leading to a fear that SHA-2 would be next.

As security-and-freedom company Least Authority points out, seven years have passed since then, and SHA-2 hasn't collapsed in a heap, so perhaps the 2007 rules have been superseded by events (note: one of BLAKE's authors, Zooko Wilcox-O'Hearn, launched Least Authority).

BLAKE2 is available here. ®

Period09 Nov 2015

Media coverage


Media coverage