paseto-standard / paserk

Platform Agnostic SERialized Keys

Unclear sizes for BLAKE2b #10

Closed brycx closed 2 years ago

brycx commented 2 years ago

Apologies in advance if I'm blind or overlooked something.

Reading the spec, I feel left wondering what the output sizes of calling BLAKE2b should be at different places:

The only reason I know the size for the encryption key is because XChaCha20 requires a 256 bit key.

In general, throughout the spec, it seems that for V2/V4 the terms "BLAKE2b" and "crypto_generichash" are used interchangeably. Personally, I'd prefer that it were consistent with "BLAKE2b", as otherwise it assumes a lot of familiarity with libsodium and implementing V2/V4 obviously can be done without libsodium.

So, I'd suggest changing all mentions of "BLAKE2b"/"crypto_generichash" to "BLAKE2b-n" where "n" (either bits (seems most common) or bytes, but consistently) is the size of the hash/mac BLAKE2b should produce, to be as clear as possible.

paragonie-security commented 2 years ago

When unstated, it is always BLAKE2b with an output size of 256 bits.
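To make the point concrete for implementers working without libsodium (added example, not code from the PASERK spec or from either participant): in BLAKE2b the output length is a parameter of the hash, so "BLAKE2b with an output size of 256 bits" (libsodium's `crypto_generichash` default of 32 bytes) is not the same value as a 512-bit BLAKE2b digest cut to 32 bytes. The message and key below are constructed for the demonstration.

```python
import hashlib

# Constructed sample inputs for this demonstration (not spec test vectors).
SAMPLE_MESSAGE = b"paserk-blake2b-output-size-demo"
SAMPLE_KEY = bytes(range(32))  # constructed 32-byte key for the keyed (MAC) case


def blake2b_n(data: bytes, n_bits: int, key: bytes = b"") -> bytes:
    """BLAKE2b-n: output length is passed to the hash as a parameter.

    This matches libsodium's crypto_generichash(out, outlen, ...), whose
    default outlen (crypto_generichash_BYTES) is 32 bytes, i.e. BLAKE2b-256.
    """
    if n_bits % 8 or not 8 <= n_bits <= 512:
        raise ValueError("BLAKE2b output must be 1..64 bytes")
    return hashlib.blake2b(data, digest_size=n_bits // 8, key=key).digest()


def truncated_blake2b_512(data: bytes, n_bits: int, key: bytes = b"") -> bytes:
    """The common mistake: compute full BLAKE2b-512 and keep the first n bits."""
    return hashlib.blake2b(data, digest_size=64, key=key).digest()[: n_bits // 8]


def parameterised_equals_truncated(data: bytes, n_bits: int, key: bytes = b"") -> bool:
    """False for every n < 512: the length parameter changes the whole digest."""
    return blake2b_n(data, n_bits, key) == truncated_blake2b_512(data, n_bits, key)


if __name__ == "__main__":
    h256 = blake2b_n(SAMPLE_MESSAGE, 256)
    t256 = truncated_blake2b_512(SAMPLE_MESSAGE, 256)
    print("BLAKE2b-256        :", h256.hex())
    print("BLAKE2b-512[:32]   :", t256.hex())
    print("identical?         :", parameterised_equals_truncated(SAMPLE_MESSAGE, 256))
    mac = blake2b_n(SAMPLE_MESSAGE, 256, key=SAMPLE_KEY)
    print("keyed BLAKE2b-256  :", mac.hex(), "(%d bytes)" % len(mac))
```

An implementation that derives the 256-bit XChaCha20 key by truncating a 512-bit digest will produce ciphertexts that no conforming implementation can decrypt, which is exactly the interoperability failure an explicit "BLAKE2b-256" in the spec prevents.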

brycx commented 2 years ago

> When unstated, it is always BLAKE2b with an output size of 256 bits.

Thanks, this is good to know. If you don't want to change to the more consistent style I suggested above, I'd suggest we at least add this as a statement somewhere in the spec where it's clear.

paragonie-security commented 2 years ago

We're going to opt to be more explicit about this in the next revision. Thanks for reporting this.

paragonie-security commented 2 years ago

This has been addressed. Thank you.