On Mon, Nov 16, 2020 at 11:31:14PM +0100, Toke Høiland-Jørgensen wrote: > Toke Høiland-Jørgensen <[email protected]> writes: > > > @@ -169,6 +170,12 @@ const struct mac_desc mac_table[ALG_MAX] = { > > [ALG_SHA256] = HASH_DESC("Keyed SHA-256", sha256, SHA256), > > [ALG_SHA384] = HASH_DESC("Keyed SHA-384", sha384, SHA384), > > [ALG_SHA512] = HASH_DESC("Keyed SHA-512", sha512, SHA512), > > + [ALG_BLAKE2S] = {"Blake2s", BLAKE2S_SIZE, sizeof(struct > > blake2s_context), > > + blake2s_bird_init, blake2s_bird_update, > > + blake2s_bird_final, BLAKE2S_SIZE, > > BLAKE2S_BLOCK_SIZE}, > > + [ALG_BLAKE2B] = {"Blake2b", BLAKE2B_SIZE, sizeof(struct > > blake2b_context), > > + blake2b_bird_init, blake2b_bird_update, > > + blake2b_bird_final, BLAKE2B_SIZE, > > BLAKE2B_BLOCK_SIZE}, > > Note that there's an ongoing discussion on the babel@ietf list about > whether the output size of Blake2s ought to be truncated to 128 bits. > > See: > https://mailarchive.ietf.org/arch/msg/babel/9EIUxXvaGj-Zm9uktF0v1Zavb-g/ > > If anyone here has an opinion on this, please weigh in on that list; > otherwise I plan to respin this series with an option to have both > 128-bit and 256-bit outputs from Blake2s.
Hi Well, if Blake2 has variants with reduced hash lengths, than these lengths should be part of the hash name (like in SHA-2), even if only one would be implemented. So they should have keywords like blake2s256. Like in OpenSSL: blake2b512 blake2s256 gost md4 md5 rmd160 sha1 sha224 sha256 sha3-224 sha3-256 sha3-384 ... Or like in RFC 7693 section 4. Also, even if Babel WG have selected 128-bit reduced hash length variant as suggested variant, it would make sense to have full-length variants implemented in BIRD as they are basic variants of that hash. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: [email protected]) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
