BLAKE2 instead of SHA2

Topics: Feature Requests
Oct 14, 2014 at 5:02 PM
Edited Oct 14, 2014 at 5:04 PM
The following comment was posted as a comment by Hasson for the article on eSP about VC, I just thought that if you didn't see said comment that it would be a good idea to post here:

Why not BLAKE2 instead of SHA2 for better performance? And why not scrypt?
Coordinator
Oct 15, 2014 at 10:13 AM
The have replied to the comment on eSP but it needs moderation before it is being displayed.

Basically, BLAKE2 is too fast and it is not part of the official SHA-3 finalist candidates even if it is derived from BLAKE. Since we use hash functions for key derivation, performance is not our primary criteria as we need to be protected again brute force attacks.
Once the SHA-3 standard is finalized, we'll include BLAKE and Skein alongside Keccak.

As for scrypt, it is indeed an interesting alternative to PBKDF2 but its memory requirement makes it impossible to implement for boot encryption. Nevertheless, it can be used for normal volume encryption but we need to modify the internal architecture in order to be able to use scrypt and PBKDF2 at the same time while offering the possibility to choose which one to use.