Geralt
Search…
Hashing

Purpose

BLAKE2b is a cryptographic hash function. It takes a message of any size and produces a 128-bit to 512-bit hash.
This hash acts as a fingerprint for the data. Hashes can be used to uniquely identify messages, detect corruption, detect duplicate data, and index data in a hash table.
However, unkeyed hashes do not provide authentication (e.g. for Encrypt-then-MAC). Furthermore, they should be avoided for key derivation. Use the linked APIs instead.
BLAKE2b is NOT suitable for hashing passwords. Use Argon2id instead.
A hash size of at least 256 bits is strongly recommended to obtain collision resistance.

Usage

ComputeHash

Fills a span with a hash computed from a message.
BLAKE2b.ComputeHash(Span<byte> hash, ReadOnlySpan<byte> message)

Exceptions

hash has a length less than MinHashSize or greater than MaxHashSize.
The hash could not be computed.

BLAKE2bHashAlgorithm

Returns a byte array hash for a Stream message. This is useful for hashing files via FileStream.
using var blake2b = new BLAKE2bHashAlgorithm(int hashSize);
Span<byte> hash = blake2b.ComputeHash(Stream message);

Exceptions

hashSize is less than BLAKE2b.MinHashSize or greater than BLAKE2b.MaxHashSize.
The hash could not be computed.

IncrementalBLAKE2b

Provides support for computing a hash from several messages.
using var blake2b = new IncrementalBLAKE2b(int hashSize);
blake2b.Update(ReadOnlySpan<byte> message1);
blake2b.Update(ReadOnlySpan<byte> message2);
blake2b.Finalize(Span<byte> hash);
After Finalize() has been called, do NOT call Update() or Finalize() again.

Exceptions

hashSize is less than BLAKE2b.MinHashSize or greater than BLAKE2b.MaxHashSize.
hash has a length not equal to hashSize.
The hash could not be computed.

Notes

Do NOT use ComputeHash() for key derivation. Read the Key derivation page instead.
Do NOT manually truncate a hash. Instead, specify the hash size you want directly. The hash size affects the output, which provides domain separation.
Unlike older hash functions (e.g. MD5, SHA-1, SHA-256, and SHA-512), BLAKE2b is immune to length extension attacks.
The security level of BLAKE2b is 1/2 the output length (e.g. 128-bit security for a 256-bit hash).​
Copy link
On this page
Purpose
Usage
ComputeHash
BLAKE2bHashAlgorithm
IncrementalBLAKE2b
Notes