As it was afraid to see SHA-3 rejected by developers, the NIST did not change the Keccak algorithm, nor the main parameters.
For an empty data, the last version of Keccak submitted to the NIST produces, for a 512-bit output:
0EAB42DE4C3CEB9235FC91ACFFE746B29C29A8C366B7C60E4E67C466F36A4304C00FA9CAF9D87976BA469BCBE06713B435F091EF2769FB160CDAB33D3670680E
This value can be found in ShortMsgKAT_512.txt.
However, we can see on GitHub that Keccak, which now follows the FIPS 202, produces:
A69F73CCA23A9AC5C8B567DC185A756E97C982164FE25859E0D1DCC1475C80A615B2123AF1F5F94C11E3E9402C3AC558F500199D95B6D3E301758586281DCD26... read more
In order to create a new volume initialized with random data, I just benchmarked the famous CryptGenRandom function. The function fills a 1MB buffer and is called several times. It works on one thread, on a Core i7 2600k @3800. Here are my results, for various systems running in virtual machines:
10 (64-bit) : 2160 MB/s
10 (32-bit) : 1550 MB/s
8.1 (64-bit) : 404 MB/s
8.1 (32-bit) : 392 MB/s
8 (64-bit) : 405 MB/s
8 (32-bit) : 394 MB/s
7 SP1 (64-bit) : 265 MB/s
7 SP1 (32-bit) : 163 MB/s
Vista (64-bit) : 37 MB/s
Vista (32-bit) : 30 MB/s
XP64 SP2 (64-bit) : 38 MB/s
XP64 SP2 (32-bit) : 33 MB/s
XP SP3 : 30 MB/s
XP : 24 MB/s... read more
Argon2 has recently been provided in version 1.3. The change log says:
v.1.3
• The blocks are XORed with, not overwritten in the second pass and later;
• The version number byte is now 0x13.
It seems to be an answer to an attack for which the hash can be computed with 2.71 less memory and no time penalty (even if the "no time penalty" sounds like a bad joke when we think of the complexity added by the management of the unused memory blocks...).... read more