Blake2s is a cryptographic hash function that can be used to generate secret keys from input data through the HKDF (Hashing Key Derivation Function) variant of PBKDF. The HKDF provides a method for securely deriving key material from a source of unpredictable, but otherwise weak, information such as passwords or passphrases.
The basic idea behind Blake2s-based key derivation is to first hash the input data using Blake2s and then apply a salt (a random value) and an iteration count to generate the final secret key. The salt helps prevent attackers from guessing the original password by making it harder for them to find collisions between different inputs that produce the same output.
Here’s how you can implement this in Python using the cryptography library:
# Import necessary libraries
from cryptography.hazmat.primitives import hmac, hashes
import binascii
# Define input data and salt
password = b"my_secret_password" # Define password as a byte string
salt = b"\x01\x02\x03\x04\x05\x06\x07\x08" # Define salt as a byte string
iterations = 10000 # Define number of iterations for HKDF function
keylen = 32 # Define desired key length in bytes
# Define HKDF function using Blake2s as the underlying hash algorithm
def hkdf(data, salt, iterations):
# Hash input data with Blake2s and salt to generate a context for HMAC
hashed = hashes.Blake2s(digest_size=32).update(data + salt) # Use Blake2s to hash input data and salt
ctx = binascii.hexlify(hashed.finalize()).decode() # Convert hashed data to a hex string and decode it
# Generate key material using HMAC with Blake2s as the underlying hash algorithm for HMAC
hmac_ctx = hmac.HMAC(hashes.Blake2s(), None, backend="cryptography") # Create an HMAC object using Blake2s as the hash algorithm
for i in range(iterations):
hmac_ctx.update((b"." + ctx).encode()) # Update HMAC context with the hex string of the previous iteration
ctx = binascii.hexlify(hmac_ctx.finalize()).decode() # Convert updated HMAC context to a hex string and decode it
# Extract the final key material from the HMAC output using slicing
return bytes.fromhex(ctx[0:keylen]) # Convert the first 32 characters of the final hex string to bytes and return it as the secret key
# Generate secret key for encryption or MAC algorithm
secret_key = hkdf(password, salt, iterations) # Call HKDF function with input data, salt, and number of iterations to generate the secret key
In this example, we first define our input data (the password), salt value, and iteration count. We then use the `hkdf()` function to generate a 256-bit secret key using Blake2s as follows:
1. Hash the concatenation of the password and salt with Blake2s to get an intermediate hash value.
2. Use this intermediate hash value as input for HMAC (Hash Message Authentication Code) with Blake2s as the underlying hash algorithm. This generates a new output that is used as the final key material.
3. The `hkdf()` function iterates over the HMAC output and extracts the first 32 bytes to get the desired secret key length (in this case, 256 bits).
This method provides strong security guarantees for generating keys from weak input data such as passwords or passphrases. The salt value helps prevent attackers from guessing the original password by making it harder for them to find collisions between different inputs that produce the same output. Additionally, the iteration count adds an additional layer of protection against brute-force attacks on the key material.
In response to your question about how Blake2s compares to SHA3 for HKDF, both algorithms are suitable for use with HKDF due to their strong security properties. However, there may be some differences in performance or implementation details that could affect the choice between them depending on specific requirements and constraints. In general, it’s recommended to choose an algorithm based on its suitability for the intended application rather than relying solely on popularity or reputation.