BLAKE3 VS pocorgtfo

> might be easier with a public domain license instead of the current ones

There reference implementation is public domain (CC0) or at your choice Apache 2.0

https://github.com/BLAKE3-team/BLAKE3/blob/master/LICENSE

Fyi, blake3 was released in 2019 and should probably be used over blake2 unless you have some strong reason not to. It's basically a reimplementation of blake2 with performance tweaks.

https://github.com/BLAKE3-team/BLAKE3

Many people will argue that today's compilers are so smart/optimized that you'd be a fool to try to outsmart the compiler with asm. I'm not 1 of them, but I know some. IMO it's all a bunch of bullshit, there's a goddamn reason all the cryptocurrency mining CPU/GPU code is all hand-written asm. there's a reason blake3 is written in asm ( https://github.com/BLAKE3-team/BLAKE3/blob/master/c/blake3_sse41_x86-64_windows_msvc.asm ) - but the thing is, 99.99% of the time, life is too short to outsmart the compiler (unless you're Alexander Yee)

I have been trying to optimize my code to create a fast hashing function to create and check b3 file integrity but b3sum is way way faster than my aproach, i have been trying to modify my code acordingly to https://github.com/BLAKE3-team/BLAKE3/blob/master/b3sum/src/main.rs with no luck, so if anyone can give me some tips/clues on how to achieve better speeds it would be incredible. Thx!!

BLAKE3 might be faster than KangarooTwelve and is also an XOF. It doesn't have the benefit of getting a working RFC draft proposal however.

You're saying the hash speed is 133 kB/s? That's extremely slow, for example BLAKE3 achieves 6.8 GB/s which is over 50000 times faster. Nobody wants to use such a slow hash function.

Try this one if you want a smaller, and particularly interesting crate: https://github.com/BLAKE3-team/BLAKE3

blake3 is a cryptographic hashing function, which is used during plotting's "forward propagation" step

BLAKE3 claims to be faster and more secure than both MD5 and SHA1.

More information: https://github.com/BLAKE3-team/BLAKE3

Your best bet here is to get the base address nailed down (assuming it’s a flat/monolithic image). There are a handful of utilities floating around (binbloom, basefind2) that use various pointer heuristics to try to guess the base address. There’s also a nice trick detailed in PoC||GTFO that you can use pretty reliably.

execute the pdf: https://github.com/angea/pocorgtfo

1) People systematically underestimate how easy it is to create collisions that still do something "interesting", like being polyglots. See PoC||GTFO, specifically anything by Ange Albertini, for examples; grep https://github.com/angea/pocorgtfo/blob/master/README.md for "MD5".

1bis) You can use an existing collision to create new collisions. People seem to think you need to generate all the work again from scratch.

1cis) The files do not need to be gigantic.

2) You can do the collision in advance, and publish the malicious version later. What it accomplishes is that the concept of "this Git hash unambiguously specifies a revision" no longer works, and one of them can be malicious.

3) The standard should be "obviously safe beyond a reasonable doubt", not "not obviously unsafe to a non-expert". By the latter standard, pretty much any random encryption construction is fine.

If you want to learn more how these things work I'd highly suggest going through the PoC||GTFO archive (https://github.com/angea/pocorgtfo/blob/master/README.md) and check out entries by Ange Albertini or entries named like "This ZIP is also a PDF".