You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I’d like VeraCrypt to add support for the BLAKE2b-512 hash algorithm as an option for HMAC, alongside current options like Whirlpool, SHA-512, and BLAKE2s-256.
Desired behavior
Integrate BLAKE2b-512 as a selectable hash function in the VeraCrypt UI (e.g., in the encryption settings dialog) and backend, enabling its use with HMAC for securing volumes. It should maintain compatibility with existing functionality, adding BLAKE2b-512 as an optional choice without altering default behavior.
BLAKE2b-512 delivers a 512-bit output (256-bit collision resistance), matching Whirlpool and SHA-512’s strength. Built from the SHA-3 finalist BLAKE, it’s been rigorously analyzed since 2012 with no known attacks as of March 2025.
Its optimized for 64-bit systems, BLAKE2b-512 is faster than SHA-512 and Whirlpool (e.g., ~1 GiB/s on modern CPUs), potentially speeding up volume mounting and key derivation without sacrificing security.
It complements BLAKE2s-256 (already in VeraCrypt) by offering a 512-bit variant, giving users more flexibility for high-security needs.
This would appeal to security-conscious users seeking robust, modern, non-NSA alternatives while improving performance on 64-bit platforms.
Screenshots/Mockup/Designs
No specific mockups provided, but here’s a conceptual addition to the UI:
In the “Create New Volume” wizard, under “Hash Algorithm” dropdown, add “BLAKE2b-512” alongside “SHA-512,” “Whirlpool,” “SHA-256,” “BLAKE2s-256,” etc.
I’d like VeraCrypt to add support for the BLAKE2b-512 hash algorithm as an option for HMAC, alongside current options like Whirlpool, SHA-512, and BLAKE2s-256.
Desired behavior
Integrate BLAKE2b-512 as a selectable hash function in the VeraCrypt UI (e.g., in the encryption settings dialog) and backend, enabling its use with HMAC for securing volumes. It should maintain compatibility with existing functionality, adding BLAKE2b-512 as an optional choice without altering default behavior.
BLAKE2b-512 delivers a 512-bit output (256-bit collision resistance), matching Whirlpool and SHA-512’s strength. Built from the SHA-3 finalist BLAKE, it’s been rigorously analyzed since 2012 with no known attacks as of March 2025.
Its optimized for 64-bit systems, BLAKE2b-512 is faster than SHA-512 and Whirlpool (e.g., ~1 GiB/s on modern CPUs), potentially speeding up volume mounting and key derivation without sacrificing security.
It complements BLAKE2s-256 (already in VeraCrypt) by offering a 512-bit variant, giving users more flexibility for high-security needs.
This would appeal to security-conscious users seeking robust, modern, non-NSA alternatives while improving performance on 64-bit platforms.
Screenshots/Mockup/Designs
No specific mockups provided, but here’s a conceptual addition to the UI:
In the “Create New Volume” wizard, under “Hash Algorithm” dropdown, add “BLAKE2b-512” alongside “SHA-512,” “Whirlpool,” “SHA-256,” “BLAKE2s-256,” etc.
Example:
A simple dropdown update in the GUI would suffice, with backend support in the HMAC implementation.
Additional information
BLAKE2b-512’s adoption in tools like WireGuard and Argon2 suggests it’s production-ready and could enhance VeraCrypt’s crypto suite.
Your Environment
Please tell us more about your environment
VeraCrypt version: 1.26.18
Operating system and version: Windows 11 Pro 24H2 & Fedora 41 Xfce
System type: 64-bit
The text was updated successfully, but these errors were encountered: