Hashing

Geralt

Search…

Geralt

Introduction

Message authentication

Password hashing

Key derivation

Authenticated encryption

Key exchange

Digital signatures

Advanced

Hashing

Purpose
​BLAKE2b is a cryptographic hash function. It takes a message of any size and produces a 128-bit to 512-bit hash.
This hash acts as a fingerprint for the data. Hashes can be used to uniquely identify messages, detect corruption, detect duplicate data, and index data in a hash table.
However, unkeyed hashes do not provide authentication (e.g. for Encrypt-then-MAC). Furthermore, they should be avoided for key derivation. Use the linked APIs instead.
BLAKE2b is NOT suitable for hashing passwords. Use Argon2id instead.
A hash size of at least 256 bits is strongly recommended to obtain collision resistance.
Usage
ComputeHash
Fills a span with a hash computed from a message.
BLAKE2b.ComputeHash(Span<byte> hash, ReadOnlySpan<byte> message)
Exceptions
​ArgumentOutOfRangeException​
hash has a length less than MinHashSize or greater than MaxHashSize.
​CryptographicException​
The hash could not be computed.
BLAKE2bHashAlgorithm
Returns a byte array hash for a Stream message. This is useful for hashing files via FileStream.
using var blake2b = new BLAKE2bHashAlgorithm(int hashSize);
Span<byte> hash = blake2b.ComputeHash(Stream message);
Exceptions
​ArgumentOutOfRangeException​
hashSize is less than BLAKE2b.MinHashSize or greater than BLAKE2b.MaxHashSize.
​CryptographicException​
The hash could not be computed.
IncrementalBLAKE2b
Provides support for computing a hash from several messages.
using var blake2b = new IncrementalBLAKE2b(int hashSize);
blake2b.Update(ReadOnlySpan<byte> message1);
blake2b.Update(ReadOnlySpan<byte> message2);
blake2b.Finalize(Span<byte> hash);
After Finalize() has been called, do NOT call Update() or Finalize() again.
Exceptions
​ArgumentOutOfRangeException​
hashSize is less than BLAKE2b.MinHashSize or greater than BLAKE2b.MaxHashSize.
​ArgumentOutOfRangeException​
hash has a length not equal to hashSize.
​CryptographicException​
The hash could not be computed.
Notes
Do NOT use ComputeHash() for key derivation. Read the Key derivation page instead.
Do NOT manually truncate a hash. Instead, specify the hash size you want directly. The hash size affects the output, which provides domain separation.
Unlike older hash functions (e.g. MD5, SHA-1, SHA-256, and SHA-512), BLAKE2b is immune to length extension attacks.
The security level of BLAKE2b is 1/2 the output length (e.g. 128-bit security for a 256-bit hash).​

Padding

Message authentication

Last modified 26d ago

Copy link

On this page

Purpose

Usage

ComputeHash

BLAKE2bHashAlgorithm

IncrementalBLAKE2b

Notes