Today we’re going to talk about implementing BLAKE2 hash and MAC in Python because who doesn’t love a good cryptographic algorithm? But first, let’s take a quick detour through the history of hashing.
Back in the day (like, 1980-something), we had MD5 and SHA-1. They were great for their time, but as technology advanced, so did our attackers. These algorithms became vulnerable to collisions and preimage attacks not good news if you’re storing sensitive data like passwords or credit card numbers.
Enter BLAKE2! This algorithm was designed in 2012 by a team of researchers led by Jean-Pierre Aumasson, with the goal of being faster than SHA-3 and more secure than MD5/SHA-1. It’s also parallelizable, which means it can be sped up on multi-core CPUs.
Now that we know why BLAKE2 is awesome, Time to get going with how to implement it in Python using the hashlib library. First, make sure you have the latest version of Python installed (3.6 or higher) and pip:
# This script checks the version of Python installed and upgrades pip to the latest version.
# Check the version of Python installed
python --version
# Output: Python 3.9.1
# Upgrade pip to the latest version
pip install --upgrade pip
# Explanation: The first line checks the version of Python installed and prints it to the console. The second line uses pip to install the latest version of pip, which is a package manager for Python. This ensures that we have the most up-to-date version of pip before proceeding with the rest of the script.
Next, let’s create a new file called `blake2_hash.py`. We’ll start by importing the hashlib library and defining some constants:
# Importing the necessary libraries
import hashlib # Importing the hashlib library for cryptographic hashing
from base64 import b64encode # Importing the b64encode function from the base64 library for encoding
# Defining constants
BLAKE2S = hashlib.new('blake2s') # Creating a new instance of the blake2s hash algorithm with a 256-bit variant
BLAKE2B_KEYLEN = 32 # Defining the key length for the BLAKE2b MAC (in bytes)
Now let’s define a function to generate the BLAKE2 hash of some input data:
# Define a function to generate the BLAKE2 hash of some input data
def blake2hash(data):
# Create a BLAKE2S object to perform the hashing
blake2s = BLAKE2S()
# Update the object with the input data
blake2s.update(data)
# Get the digest of the hashed data and encode it in base64
hashed_data = b64encode(blake2s.digest())
# Decode the hashed data into a string using utf-8 encoding
hashed_data_string = hashed_data.decode('utf-8')
# Return the hashed data string
return hashed_data_string
This function takes the `data` as input, updates the hash object with it, and returns the base64 encoded digest (which is essentially a string representation of the hash).
But what if you want to use BLAKE2 for message authentication? That’s where MAC comes in. Here’s how to generate a BLAKE2b MAC:
# Function to generate a BLAKE2b MAC
def blake2mac(key, data):
# Create a new hash object using the BLAKE2b algorithm with a 128-bit variant for MAC
mac_ctx = hashlib.new('blake2b')
# Update the hash object with the key and data
mac_ctx.update(key)
mac_ctx.update(data)
# Return the base64 encoded digest of the hash as a string
return b64encode(mac_ctx.digest()).decode('utf-8')
This function takes a `key` and some input data, updates the hash object with both of them (using BLAKE2b for MAC), and returns the base64 encoded digest. Note that we’re using the 128-bit variant here because it’s more secure than the 256-bit variant for MAC purposes.
You can now use these functions to hash or authenticate data with BLAKE2 in Python.