diff options
| author | Jack O'Connor <[email protected]> | 2021-04-30 19:05:56 -0400 |
|---|---|---|
| committer | Jack O'Connor <[email protected]> | 2021-05-18 11:02:05 -0400 |
| commit | 7cd208afcf91f69b786549a4bed77371a7b9cc2d (patch) | |
| tree | 0bf3a6129763ad177c87858dab79c276e68c6882 | |
| parent | 4b7babbe99c04bd573aad49db24484d07c574ae9 (diff) | |
explicitly document the properties of short outputs
Suggested by @joshtriplett at:
https://github.com/BLAKE3-team/BLAKE3/issues/168#issuecomment-829609667
| -rw-r--r-- | c/README.md | 19 | ||||
| -rw-r--r-- | src/lib.rs | 11 |
2 files changed, 26 insertions, 4 deletions
diff --git a/c/README.md b/c/README.md index 8428e48..5026b0d 100644 --- a/c/README.md +++ b/c/README.md @@ -92,10 +92,21 @@ void blake3_hasher_finalize( size_t out_len); ``` -Finalize the hasher and emit an output of any length. This doesn't -modify the hasher itself, and it's possible to finalize again after -adding more input. The constant `BLAKE3_OUT_LEN` provides the default -output length, 32 bytes. +Finalize the hasher and return an output of any length, given in bytes. +This doesn't modify the hasher itself, and it's possible to finalize +again after adding more input. The constant `BLAKE3_OUT_LEN` provides +the default output length, 32 bytes, which is recommended for most +callers. + +Outputs shorter than the default length of 32 bytes (256 bits) provide +less security. An N-bit BLAKE3 output is intended to provide N bits of +first and second preimage resistance and N/2 bits of collision +resistance, for any N up to 256. Longer outputs don't provide any +additional security. + +Shorter BLAKE3 outputs are prefixes of longer ones. Explicitly +requesting a short output is equivalent to truncating the default-length +output. (Note that this is different between BLAKE2 and BLAKE3.) ## Less Common API Functions @@ -1337,6 +1337,17 @@ impl std::io::Write for Hasher { /// An incremental reader for extended output, returned by /// [`Hasher::finalize_xof`](struct.Hasher.html#method.finalize_xof). +/// +/// Outputs shorter than the default length of 32 bytes (256 bits) +/// provide less security. An N-bit BLAKE3 output is intended to provide +/// N bits of first and second preimage resistance and N/2 bits of +/// collision resistance, for any N up to 256. Longer outputs don't +/// provide any additional security. +/// +/// Shorter BLAKE3 outputs are prefixes of longer ones. Explicitly +/// requesting a short output is equivalent to truncating the +/// default-length output. (Note that this is different between BLAKE2 +/// and BLAKE3.) #[derive(Clone)] pub struct OutputReader { inner: Output, |