

BLAKE2, an improved version of the SHA-3 ﬁnalist BLAKE optimized for speed - stalled
https://blake2.net/

======
drakeandrews
Over the past year and a half I've had it drummed into me that fast hashing is
bad and slow hashing is good. If this is so, why have they optimised this new
hashing algorithm to be as fast as possible?

~~~
tptacek
Password hashes and general-purpose crypto hashes are not the same thing. If
it helps, try using the technical term for the kinds of functions cryptography
offers for password hashing: key derivation functions (KDFs).

~~~
cperciva
Hey, that was supposed to be my line!

------
newman314
Does this mean that this variant will be resubmmited as SHA-3?

~~~
dchest
SHA-3 competition is over, Keccak won, so no.

------
IheartApplesDix
I'm not sure how reduced memory requirements are a benefit to encryption. Are
there really any low end systems still in use today that actually have issues
with memory usage? Even $150 notebooks come with 1 gig of ram. This seems more
like it would help save ram on interception devices like the Narus Device or
the huge datacenters owned by the NSA, which have a huge issue with storing
all the data required to intercept and decrypt eavesdropped communications
reliably.

~~~
s353
I think of reduced memory requirements as a benefit to every application,
including encryption. That's because nearly every application I use competes
for memory; I also use memory as general storage media for stuff for which I
want fast I/O and/or don't need to save permanently (e.g. mfs or tmpfs
mounts). I think of memory as a precious resource.

~~~
IheartApplesDix
Think of encryption as more secure the harder it is to do. Optimizing
encryption for the benefit of other applications is backwards.

~~~
Heliosmaster
Think about RSA. Harder Encryption (computationally) is achieved with a high
e. Too bad that Wiener in 1990 proved that if d (private key) is small enough
we can easily crack it using continued fractions.

------
rb2k_
A little off topic, but since it's on the page: Is it only me or does
"mebibyte" simply look wrong?

You can't just decide that people aren't supposed to say "megabyte" anymore

~~~
idbfs
I agree that it looks odd. However, especially in applications like
cryptography, I think that removing the ambiguity of "megabyte" (i.e. do we
mean 10^6 or 2^20 bytes?) is worth the introduction of a new term.

~~~
Dylan16807
Do you mean an additional new term to mean millionbyte? Because the existence
of mebibyte only makes 'mega' even more ambiguous. You used to be able to know
from context.

~~~
idbfs
I was referring to the "mebi" prefix. I agree that, currently, the old SI
prefixes have perhaps been made slightly more ambiguous due to the
introduction of the new prefixes. It is my hope that the computing community
will eventually reach the consensus that the SI prefixes refer only to powers
of 10.

