Can someone who knows crypto shed some light on the "gravity" of this algorithm? Is this going to out and out replace MD5, or will it fall among the many "awesome, but not widely used" hashes out there? It sounds pretty awesome... almost too awesome!
These reasons don't matter. What matters is that you use a widely used hash function through a widely used software library. Most security issues are implementation-related, not cryptography-related. And if there are problems with a scheme, more people should look for them. SHA2/3 are better options under this light.
Glad I came across this -- I have a need for a hash function with cryptographic properties but that I don't actually mean to use for crypto, but just to uniquely identify a file by its contents. Speed is really important to me. This sounds perfect for my application.
This author almost completely misses the point. The basic architecture behind SHA-2 is similar to MD5 and SHA-1, and the fact that attacks are possible on MD5 and SHA-1 means an attack could be possible on SHA-2. Then if SHA-3 used the same architecture again, a weakness in SHA-2 might lead to a weakness in SHA-3. Then both SHA-2 and SHA-3 are insecure. Since SHA-3 is now based on a totally different architecture, any weakness in SHA-2 has no effect for SHA-3. At the same time, if someone does find an attack against SHA-3, SHA-2 is still secure.
Because SHA3 is the standard, we're going to see hardware implementations of it and a lot of research will go into its software implementation. If you care about performance, stick to the standard. Another commenter also rightly pointed out that SHA3 implementations will be more scrutinized, and therefore more secure. Exploitable security issues lie rarely in the algorithm. Long story short: stick to the standard.
For those using Node.js who are interested in trying out BLAKE2, I found this module: https://github.com/sekitaka/node-blake2 It hasn't been touched in a year, but it looks fairly good. I may try it out soon to see how it performs myself.
Excuse my lack of knowledge on the subject. I know MD5 has its cryptographic security issues [1] but I almost always assumed that the main reason it was a 'weak' hash was due to its speed and how, consequently, rainbow tables were readily available. If this premise is correct, wouldn't that inherently make Blake2 less strong/secure since it's faster? [1] http://en.wikipedia.org/wiki/MD5#Security
For non-cryptographic applications that don't require top-grade security, but do want a short reasonably-unique identifier for a file to detect duplicates, MD5's speed and ubiquity made it a natural choice. This is the first thing I've seen aimed at restoring some security to that particular niche.
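
The file-identification use that commenters in this thread describe, as an added example that is not part of any comment: it streams each file through BLAKE2b from Python's standard `hashlib` and groups files with identical contents. The names `file_id`, `find_duplicates` and `demo` are hypothetical, and the sample files are constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

CHUNK = 1 << 20  # read 1 MiB at a time so large files never sit in memory

def file_id(path, digest_size=32):
    """Return the hex BLAKE2b digest of a file's contents (digest_size in bytes)."""
    h = hashlib.blake2b(digest_size=digest_size)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def find_duplicates(root):
    """Return sorted groups of paths under root whose contents are identical."""
    by_size = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                by_size[os.path.getsize(p)].append(p)
    by_digest = defaultdict(list)
    for size, paths in by_size.items():
        if len(paths) < 2:
            continue  # a unique size cannot have a duplicate, so skip hashing
        for p in paths:
            by_digest[(size, file_id(p))].append(p)
    return sorted(sorted(g) for g in by_digest.values() if len(g) > 1)

def demo():
    """Build a constructed sample tree; return duplicate groups as relative paths."""
    samples = {"a.bin": b"x" * 3000, os.path.join("sub", "b.bin"): b"x" * 3000,
               "c.bin": b"y" * 3000, "d.txt": b"unique"}  # constructed data
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        return [[os.path.relpath(p, root) for p in g] for g in find_duplicates(root)]

if __name__ == "__main__":
    print(demo())
```

`c.bin` has the same size as the two duplicates, so it is hashed, but its digest differs and it is left out of the group.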