Announcement

Collapse
No announcement yet.

BLAKE3 v1.0 Released - Faster & More Secure Than SHA-1, Etc

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • BLAKE3 v1.0 Released - Faster & More Secure Than SHA-1, Etc

    Phoronix: BLAKE3 v1.0 Released - Faster & More Secure Than SHA-1, Etc

    The BLAKE3 cryotpgraphic hash function that was announced last year and based on its predecessor BLAKE2 has now reached version 1.0 for its official/reference software implementation. BLAKE3 continues to be much faster than BLAKE2 while also being much faster than the likes of SHA-1/SHA--2/SHA-3 and even MD5 while being more secure...

    https://www.phoronix.com/scan.php?pa...3-1.0-Released

  • #2
    How do you define “more secure”?

    md5 and SHA1 are broken, so probably…. Has this had as any eyes as SHA256/512?

    I know I shouldn’t mention the NSA and NIST, but those guys are the people who approve algorithms for US Gov. what do they say?

    Comment


    • #3
      If us gov (read NSA) approves some algorithms it's safe to assume that no one should use them anywhere.

      Comment


      • #4
        Originally posted by matsukan View Post
        If us gov (read NSA) approves some algorithms it's safe to assume that no one should use them anywhere.
        No, it does not.

        The U.S government is very interested in having secure algorithms that companies can use and be secure against espionage from rival powers.

        Comment


        • #5
          Originally posted by matsukan View Post
          If us gov (read NSA) approves some algorithms it's safe to assume that no one should use them anywhere.
          The NSA were the first to imply that they had broken RC4, MD5 and SHA1. Based on previous recommendations and statements the NSA has made, it's estimated that their cryptographic knowledge and techniques are at least 10 years ahead of what is available in academia (although Google seem to be catching them). What tends to happen is that NIST change their recommendations and 5 years later we figure out why... In any case, you can't sell to US government without using algorithms they approve so - yeah those are the ones that you need to use.

          The question is who is claiming BLAKE3 is better, and what puts them in a position to make that claim. If BLAKE3 is broken, it's probably going to be broken by the NSA first, and they aren't going to tell anyone (unless it's an algorithm they recommend for US Gov usage).

          Of course, the NSA have screwed up in the past, but they are still the "experts" until someone else (Google?) pays that many people to seriously work on computer security.

          Comment


          • #6
            Originally posted by uid313 View Post

            No, it does not.

            The U.S government is very interested in having secure algorithms that companies can use and be secure against espionage from rival powers.
            nope, they care more about the us govt backdooring them so that the nsa can spy on the whole world.

            Comment


            • #7
              Originally posted by hajj_3 View Post

              nope, they care more about the us govt backdooring them so that the nsa can spy on the whole world.
              LOL that people actually think the NSA needs to release broken crypto. It's much easier to get a job as a janitor and stick a USB stick into any computer you need to... For some reason we simply accept "if you have physical access you can get all the data". In any case, it's a bit of PITA if someone notices your vulnerability and fixes it.

              Comment


              • #8
                Originally posted by OneTimeShot View Post

                The NSA were the first to imply that they had broken RC4, MD5 and SHA1. Based on previous recommendations and statements the NSA has made, it's estimated that their cryptographic knowledge and techniques are at least 10 years ahead of what is available in academia (although Google seem to be catching them). What tends to happen is that NIST change their recommendations and 5 years later we figure out why... In any case, you can't sell to US government without using algorithms they approve so - yeah those are the ones that you need to use.
                NSA was also the ones sending their people into crypto organizations to put magic numbers into the algorithms that made cracking easy. The US government doesn't care about people or companies unless they posses information damaging to the politicians in charge.

                Comment


                • #9
                  Originally posted by MadeUpName View Post

                  NSA was also the ones sending their people into crypto organizations to put magic numbers into the algorithms that made cracking easy. The US government doesn't care about people or companies unless they posses information damaging to the politicians in charge.
                  I think you are referring to the S-boxes in SHA1. Yes - no-one understood what they did at the time and it was suspicious, but they held up cryptanalysis for 5 years more than the algorithm would have without them. Since then we realised "hey, maybe those guys did know what they were doing"

                  Comment


                  • #10
                    Originally posted by OneTimeShot View Post
                    How do you define “more secure”?

                    md5 and SHA1 are broken, so probably…. Has this had as any eyes as SHA256/512?
                    Blake3 is based on Blake2 which is based on ChaCha/Salsa's permutation, and Blake2 has received quite some cryptanalysis and was found to be very conservative. Too conservative for the authors, actually, which is why they reduced the number of rounds for Blake3 to gain some speed.

                    The majority of speed however comes from parallelized hashing of chunks of a file and combining the resulting hashes in a tree-like structure until you're at the root and have a single hash for the full file.

                    Comment

                    Working...
                    X