Juliusz Chroboczek <[email protected]> writes: >>> (1) leave the document as it is; >>> (2) add a mention that implementation of Blake2S is RECOMMENDED (SHOULD); >>> (3) add a mention that implementation of Blake2B is RECOMMENDED; >>> (4) add a mention that implementation of both 2B and 2S is RECOMMENDED. > >> I'm in favour of (2). > > Where is Blake2S-based HMAC defined? RFC 7693 merely says: > > BLAKE2 does not require > a special "HMAC" (Hashed Message Authentication Code) construction > for keyed message authentication as it has a built-in keying > mechanism. > > but it does not appear to clearly define the HMAC construction.
Section 3.3 simply says: If a secret key is used (kk > 0), it is padded with zero bytes and set as d[0]. Otherwise, d[0] is the first data block. The final data block d[dd-1] is also padded with zero to "bb" bytes (16 words). -Toke _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
