Hashing¶
The Blake2b cryptographic hash function is the preferred one – it is faster than MD5 yet just as secure as SHA-3. Note that for password hashing or deriving keys from passwords, please use a PDKF like Argon2.
- monocypher.hash.blake2b(msg, key=b'', hash_size=64)¶
Computes the Blake2b digest of the given msg, optionally with a key (which can be used to construct a message authentication code). The returned digest will have length hash_size.
- Parameters:
msg – The message (a bytes-like object).
key – The key (bytes-like), between
Blake2bContext.KEY_MIN
andBlake2bContext.KEY_MAX
long.hash_size – Digest length (
int
), betweenBlake2bContext.HASH_MIN
andBlake2bContext.HASH_MAX
. When using Blake2b as a MAC, anything below 16 is discouraged, and when using Blake2b as a general-purpose hash function, anything below 32 is discouraged.
- Return type:
MAC Example¶
from monocypher.utils import random, crypto_verify16
from monocypher.hash import blake2b
KEY = random(64)
def compute_mac(msg):
return blake2b(msg, key=KEY, hash_size=16)
def verify_mac(msg, mac):
# Do not use "mac == compute_mac(msg)" here, since
# we may leak some information about the real mac
# (see timing attacks).
return crypto_verify16(mac, compute_mac(msg))
Incremental Interface¶
from monocypher.hash import Blake2bContext
ctx = Blake2bContext()
with open('file', mode='rb') as f:
while True:
chunk = f.read(4096)
if chunk == b'':
break
ctx.update(chunk)
digest = ctx.digest()
- class monocypher.hash.Blake2bContext(data=b'', key=b'', hash_size=64)¶
Can be used to incrementally compute the blake2b hash of a long stream of bytes (e.g. a large file) without having to read all of it into memory. Parameters have the same meaning as
blake2b()
. This class is compatible withhashlib
’s hash objects; seehashlib
for details.- HASH_MAX = 64¶
Maximum Blake2b digest length
- HASH_MIN = 1¶
Minimum Blake2b digest length
- KEY_MAX = 64¶
Maximum Blake2b key length
- KEY_MIN = 0¶
Minimum Blake2b key length