[noise] BLAKE2 as a diffie-hellman entropy extractor

Jason A. Donenfeld Jason at zx2c4.com
Tue Oct 13 14:52:43 PDT 2015


On Tue, Oct 13, 2015 at 9:48 PM, Trevor Perrin <trevp at trevp.net> wrote:
> derivation.  I'm not thrilled with either - SHA256 might be all you
> have, and is significantly more efficient on non-64 bit platforms.

Regarding efficiency, since moving to SHA512 would avoid the need for
the "expand" stage of HKDF, you'd save yourself 2 HMACs = 4 SHA256
operations. So at least you'd be saving something there.

(Though, if performance is really an issue anyway, you might as well
move to blake :P)
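
The HMAC count discussed in the message above, as an added example that is not part of the original post: it derives two 32-byte keys once with RFC 5869 HKDF-SHA256 (extract plus two expand blocks) and once with a single HMAC-SHA512 extract whose 64-byte output is split. The need for exactly two 32-byte outputs, the function names and the sample inputs are assumptions made for this illustration.

```python
import hashlib
import hmac


def _hmac(key, msg, digest, calls):
    """One HMAC invocation; 'calls' records it so the cost can be counted."""
    calls.append(digest)
    return hmac.new(key, msg, digest).digest()


def hkdf_sha256_two_keys(salt, ikm, info=b""):
    """RFC 5869 HKDF-SHA256: extract, then expand to 64 bytes (two keys)."""
    calls = []
    prk = _hmac(salt, ikm, "sha256", calls)                # extract
    t1 = _hmac(prk, info + b"\x01", "sha256", calls)       # expand, block T(1)
    t2 = _hmac(prk, t1 + info + b"\x02", "sha256", calls)  # expand, block T(2)
    return t1, t2, len(calls)


def extract_sha512_two_keys(salt, ikm):
    """Extract only: HMAC-SHA512 already yields 64 bytes, split into two keys."""
    calls = []
    prk = _hmac(salt, ikm, "sha512", calls)
    return prk[:32], prk[32:], len(calls)


def hmacs_saved(salt, ikm):
    """Return (HMACs saved, hash invocations saved) by skipping expand.

    Each HMAC runs the hash twice (inner and outer), hence the factor 2.
    """
    _, _, n256 = hkdf_sha256_two_keys(salt, ikm)
    _, _, n512 = extract_sha512_two_keys(salt, ikm)
    saved = n256 - n512
    return saved, saved * 2


if __name__ == "__main__":
    # Constructed sample inputs (not real key material).
    salt = bytes(32)                                   # stand-in chaining key
    ikm = hashlib.sha256(b"constructed DH output").digest()
    print(hmacs_saved(salt, ikm))
```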

