Hashing
Purpose
BLAKE2b is a cryptographic hash function. It takes a message of any size and produces a 128-bit to 512-bit hash.
This hash acts as a fingerprint for the data. Hashes can be used to uniquely identify messages, detect corruption, detect duplicate data, and index data in a hash table.
However, unkeyed hashes do not provide authentication (e.g. for Encrypt-then-MAC). Furthermore, they should be avoided for key derivation. Use the linked APIs instead.
BLAKE2b is NOT suitable for hashing passwords. Use Argon2id instead.
A hash size of at least 256 bits is strongly recommended to obtain collision resistance.
Usage
ComputeHash
Fills a span with a hash computed from a message.
Exceptions
hash has a length less than MinHashSize or greater than MaxHashSize.
The hash could not be computed.
ComputeHash
Fills a span with a hash computed from a Stream message. This is useful for hashing files.
Exceptions
hash has a length less than MinHashSize or greater than MaxHashSize.
message is null.
The hash could not be computed.
IncrementalBLAKE2b
Provides support for computing a hash from several messages.
Exceptions
hashSize is less than MinHashSize or greater than MaxHashSize.
hash has a length not equal to hashSize.
The hash could not be computed.
Cannot update after finalizing or finalize twice.
Constants
These are used for validation and/or save you defining your own constants.
Notes
Do NOT use ComputeHash() for key derivation. Read the Key derivation page instead.
Do NOT manually truncate a hash. Instead, specify the hash size you want directly. The hash size affects the output, which provides domain separation.
Unlike older hash functions (e.g. MD5, SHA-1, SHA-256, and SHA-512), BLAKE2b is immune to length extension attacks.
The security level of BLAKE2b is 1/2 the output length (e.g. 128-bit security for a 256-bit hash).
Last updated