According to the whitepaper, Blake3 can be used as a key derivation function (function key_derive). Currently, as a key derivation function, I use Rust's Hkdf::<Sha256>, which takes as input the master key and a salt. Adding the salt ensures that even if I reuse the master key, the output of the Hkdf is randomized and cannot be linked to previous derivations.

Since Blake3 is much faster than Sha256, I would like to use it as my KDF. However, according to the whitepaper, Blake3 takes only key material and a context string, which should be "hardcoded, globally unique and application-specific (...) should not contain variable data like salts, IDs or current time".

How can I then add a salt to the Blake3 key derivation function, to ensure that even if I reuse the same master key multiple times, the output of the key derivation is randomized?

Ziva
  • prefix to your key? – kelalaka May 21 '21 at 19:26
  • @kelalaka I thought about that, but is it secure? If I feed salt || master key into Blake3, won't the output be partially similar to the output of Blake3 for just the master key as input? – Ziva May 21 '21 at 19:31
  • Why should it be? If so, then any MD-based hash function would be totally insecure. Also, Blake2 and Blake3 are immune to length extension attacks. – kelalaka May 21 '21 at 19:38
  • @kelalaka Great, thanks a lot! – Ziva May 22 '21 at 09:18
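
The salted HKDF-SHA256 derivation the question describes, as an added example that is not part of the original post: the variable salt enters the extract step, while a fixed `info` label plays the role of a hardcoded, application-specific context. The label, master key and salt values are constructed for illustration, and the function names are this example's own.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

# Fixed, application-specific label (constructed for this example).
# It never carries variable data; the salt is a separate input.
INFO = b"example.app 2021 session key v1"


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC default: HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive(master_key: bytes, salt: bytes, length: int = 32) -> bytes:
    """Derive a subkey from a reusable master key and a per-derivation salt."""
    return hkdf_expand(hkdf_extract(salt, master_key), INFO, length)


if __name__ == "__main__":
    master_key = bytes(range(32))  # constructed sample key, not a real secret
    for _ in range(2):
        salt = os.urandom(16)  # fresh salt for every derivation
        print(salt.hex(), derive(master_key, salt).hex())
```

The salt is not secret, but it must be stored or transmitted alongside the derived key's use so the same subkey can be recomputed later.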

0 Answers