Let's suppose I want to use a cipher with a large key size, such as ISAAC that supports 8192 bits ogf key.
I can hash with sha-256 or sha-512 and iterate until reaches the key size but I won't get 8192 bits of security as the internal state of this hash functions are capped to 256 or 512-bits.
I can hash with a XOF (eXtendable Output Function) such as Skein, SHAKE, KangarooTwelve, Blake3 or Blake2x but again the problem is the internal state wich is small and based iterations in the compression function, they don't give a security more than 256/512 bits even if the output is arbitrarily chosen.
Maybe a specialized KDF function can be used such as Argon2 or Scrypt.
My question is specific about Argon2.
The documentation of it says it accepts large inputs for message, salts and its digest size can be arbitrarily chosen.
I compiled a argon2 runtime program to hash files in the terminal such as photos and I can't see difference in timings when the output size is small or large.
$ time cat ~/some_file | argon2-static 00000000 -d -t 2000000 -m 3 -p 1 -r -l 32 &>/dev/null
real 0m6.334s
user 0m6.329s
sys 0m0.004s
$ time cat ~/some_file | argon2-static 00000000 -d -t 2000000 -m 3 -p 1 -r -l 1024 &>/dev/null
real 0m6.455s
user 0m6.443s
sys 0m0.008s
Both 32 byte (256-bits) and 1024 (8192-bits) output sizes have almost equal timings when hashing with Argon2.
This let me doubts.
Has the internal state of Argon2 the same size of output? Or maybe its only iterations on the hash function?
I'm asking this because Argon2 uses Blake2b has a hash function and it has 512-bits of internal state, not 8192 which I want.
Will I have 8192-bits of security if some high entropy input (equal or larger than output) is processed to this output size in Argon2?
phantomcraft
commented
2 years ago
Let's suppose I want to use a cipher with a large key size, such as ISAAC that supports 8192 bits ogf key.
I can hash with sha-256 or sha-512 and iterate until reaches the key size but I won't get 8192 bits of security as the internal state of this hash functions are capped to 256 or 512-bits.
I can hash with a XOF (eXtendable Output Function) such as Skein, SHAKE, KangarooTwelve, Blake3 or Blake2x but again the problem is the internal state wich is small and based iterations in the compression function, they don't give a security more than 256/512 bits even if the output is arbitrarily chosen.
Maybe a specialized KDF function can be used such as Argon2 or Scrypt.
My question is specific about Argon2.
The documentation of it says it accepts large inputs for message, salts and its digest size can be arbitrarily chosen.
I compiled a argon2 runtime program to hash files in the terminal such as photos and I can't see difference in timings when the output size is small or large.
Both 32 byte (256-bits) and 1024 (8192-bits) output sizes have almost equal timings when hashing with Argon2.
This let me doubts.
Has the internal state of Argon2 the same size of output? Or maybe its only iterations on the hash function?
I'm asking this because Argon2 uses Blake2b has a hash function and it has 512-bits of internal state, not 8192 which I want.
Will I have 8192-bits of security if some high entropy input (equal or larger than output) is processed to this output size in Argon2?