> On Jun 8, 2015, at 1:37 PM, Hubert Kario via RT <r...@openssl.org> wrote:
>
> On Friday 05 June 2015 16:39:36 Zooko Wilcox-OHearn via RT wrote:
>> Dear OpenSSL folks:
>>
>> I'm one of the authors of the BLAKE2 hash function
>> (https://blake2.net). I've been working with the maintainers of GNU
>> coreutils to make a tool named "b2sum", which I hope will eventually
>> replace md5sum.
>>
>> md5sum is the most widely-used tool in the world for data integrity
>> but, as you know, MD5 is weak in ways that could endanger the users of
>> md5sum, depending on how they use it. I want to see md5sum phased out
>> entirely in our lifetimes!
>>
>> BLAKE2 is a secure hash function, while being faster than MD5 (at
>> least on 64-bit CPUs). BLAKE2 is being used in new software projects
>> (https://blake2.net/#us) and there is recently an Internet Draft to
>> specify it
>> (https://datatracker.ietf.org/doc/draft-saarinen-blake2/?include_text=1).
>>
>> One of the coreutils maintainers suggested that we should ask OpenSSL
>> to add BLAKE2, because coreutils itself will probably just use a
>> portable C implementation, but it would use an optimized
>> implementation if openssl provided it. Here's that thread:
>> http://lists.gnu.org/archive/html/coreutils/2015-06/msg00011.html
>>
>> We, the BLAKE2 maintainers, offer both reference C code and optimized
>> implementations: https://blake2.net/#dl . There are also other
>> implementations with various virtues available: https://blake2.net/#sw
>>
>> Here's my blog post extolling the virtues of BLAKE2 as a
>> high-performance hash function:
>>
>> https://leastauthority.com/blog/BLAKE2-harder-better-faster-stronger-than-MD5.html
>>
>
> how resistant is it against side channel attacks?

Since it’s based on ChaCha, it’s very resistant to timing (and power) based side channel leakage.

Yoav