|
|
|
|
|
|
by tptacek
3968 days ago
|
|
|
Can you please explain where exactly you got the idea that BLAKE2 was length-extendable? Can you also please explain some of these other attacks you're talking about it sharing with MD5 and SHA1? The commonality between MD5, SHA1, and SHA2 is the Merkle Damgard structure. BLAKE2 isn't an MD hash. Are these MD attacks that you're asserting apply to BLAKE2? I'd like to know where the certitude you're projecting is coming from. |
|
|
No, you're right: I misunderstood the algorithm; an extension attack has not yet been found. My core point still stands though: choosing a cryptographic anything should start with a consideration of the security properties of the algorithm, and only then should we talk about speed.