by wahern 3293 days ago
SHA-3 in XOF mode can be used (and was expected to be used) as a KDF. XOF mode is part of the NIST SHA-3 standard.

SHA-3 is incredibly versatile. This obsession with speed is unfortunate. It's a great function. If you've ever implemented SHA-3, it becomes obvious that all of these modes are simple changes in parameters to the core Keccak function--basically either changing the number of rounds or changing the output window size. And many of these degrees of freedom of Keccak are standardized as part of the NIST SHA-3 standard.

Contrast that with the BLAKE family of hash functions, which all involve substantial changes to the core routine. It didn't have to turn out that way as the original BLAKE proposal was quite versatile, but the downside of being passed over for standardization is greater susceptibility to fragmentation.

Once the core SHA-3 routine begins to see hardware support, all of this handwringing and bikeshedding will be forgotten. Choosing SHA-3 today is a solid choice and should be beyond reproach, whereas not choosing SHA-3 should require a substantial and continued defense.

1 comments

Also, it should be pointed out that the excessive security parameters of the standardized hashing modes will likely be considered prescient once the era of quantum computers is firmly established.