{"id":20384582,"url":"https://github.com/schultz-is/go-threefish","last_synced_at":"2026-04-15T23:33:38.158Z","repository":{"id":46676250,"uuid":"280964067","full_name":"schultz-is/go-threefish","owner":"schultz-is","description":"An implementation of the Threefish block cipher entirely in go with no external dependencies.","archived":false,"fork":false,"pushed_at":"2021-09-30T17:47:36.000Z","size":47,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"trunk","last_synced_at":"2025-03-04T23:13:24.091Z","etag":null,"topics":["block-cipher","block-ciphers","crypto","cryptography","threefish"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/schultz-is.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-19T22:50:08.000Z","updated_at":"2024-01-16T08:35:44.000Z","dependencies_parsed_at":"2022-09-03T21:12:42.711Z","dependency_job_id":null,"html_url":"https://github.com/schultz-is/go-threefish","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/schultz-is/go-threefish","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schultz-is%2Fgo-threefish","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schultz-is%2Fgo-threefish/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schultz-is%2Fgo-threefish/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schultz-is%2Fgo-threefish/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/schultz-is","download_url":"https://codeload.github.com/schultz-is/go-threefish/tar.gz/refs/heads/trunk","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schultz-is%2Fgo-threefish/sbom","scorecard":{"id":804437,"data":{"date":"2025-08-11","repo":{"name":"github.com/schultz-is/go-threefish","commit":"a78653985ed3635ab46244b338a5b51b3516da94"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/21 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/pr.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/schultz-is/go-threefish/pr.yml/trunk?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/schultz-is/go-threefish/pr.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/schultz-is/go-threefish/pr.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/schultz-is/go-threefish/pr.yml/trunk?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: ISC License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'trunk'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T11:23:58.944Z","repository_id":46676250,"created_at":"2025-08-23T11:23:58.944Z","updated_at":"2025-08-23T11:23:58.944Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31865070,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"ssl_error","status_checked_at":"2026-04-15T15:24:39.138Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["block-cipher","block-ciphers","crypto","cryptography","threefish"],"created_at":"2024-11-15T02:28:35.332Z","updated_at":"2026-04-15T23:33:38.139Z","avatar_url":"https://github.com/schultz-is.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# go-threefish\n\n![Tests](https://github.com/schultz-is/go-threefish/workflows/Tests/badge.svg)\n[![GoDoc](https://godoc.org/github.com/schultz-is/go-threefish?status.svg)](https://pkg.go.dev/github.com/schultz-is/go-threefish)\n[![Go Report Card](https://goreportcard.com/badge/github.com/schultz-is/go-threefish)](https://goreportcard.com/report/github.com/schultz-is/go-threefish)\n[![License](https://img.shields.io/github/license/schultz-is/go-threefish)](./LICENSE)\n\nThreefish is a tweakable block cipher that was developed as part of the Skein\nhash function as a submission to the NIST hash function competition. Threefish\nsupports block sizes of 256, 512, and 1024 bits.\n\nThe full Threefish specification is available in the footnotes[^1].\n\nTest vectors were extracted from the latest reference implementation[^2].\n\nEncryption and decryption loops have been unrolled to contain eight rounds in\neach iteration. This allows rotation constants to be embedded in the code\nwithout being repeated. This practice is described in detail in the paper[^1]\nwhich also provides detailed performance information.\n\n[^1]: http://www.skein-hash.info/sites/default/files/skein1.3.pdf\n[^2]: http://www.skein-hash.info/sites/default/files/NIST_CD_102610.zip\n\n## Installation\n\nTo install as a dependency in a go project:\n\n```console\ngo get -U github.com/schultz-is/go-threefish\n```\n\n## Usage\n\nThe cipher implementations in this package fulfill the `crypto/cipher`\n`cipher.Block` interface. Instances returned by this library can be used with\nany block ciphers modes that support 256, 512, or 1024-bit block sizes.\n\n```go\npackage main\n\nimport (\n\t\"crypto/cipher\"\n\t\"crypto/rand\"\n\t\"fmt\"\n\n\t\"github.com/schultz-is/go-threefish\"\n)\n\nfunc main() {\n\tmessage := make([]byte, 128)\n\tcopy(message, []byte(\"secret message\"))\n\n\t// Assign a key. Generally this is derived from a known secret value. Often\n\t// a passphrase is derived using a key derivation function such as PBKDF2.\n\tkey := make([]byte, 128)\n\t_, err := rand.Read(key)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\t// Assign a tweak value. This allows customization of the block cipher as in\n\t// the UBI block chaining mode. Support for the tweak value is not available\n\t// in the block ciphers modes supported by the standard library.\n\ttweak := make([]byte, 16)\n\t_, err = rand.Read(tweak)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\t// Instantiate and initialize a block cipher.\n\tblock, err := threefish.New1024(key, tweak)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\t// When using CBC mode, the IV needs to be unique but does not need to be\n\t// secure. For this reason, it can be prepended to the ciphertext.\n\tciphertext := make([]byte, block.BlockSize()+len(message))\n\tiv := ciphertext[:block.BlockSize()]\n\t_, err = rand.Read(iv)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\tmode := cipher.NewCBCEncrypter(block, iv)\n\tmode.CryptBlocks(ciphertext[block.BlockSize():], message)\n\n\tfmt.Printf(\"%x\\n\", ciphertext)\n}\n```\n\n## Testing\n\nUnit tests can be run and test coverage can be viewed via the provided Makefile.\n\n```console\nmake test\nmake cover\n```\n\n## Benchmarking\n\nBenchmarks can be run and CPU and memory profiles can be generated via the\nprovided Makefile.\n\n```console\nmake benchmark\ngo tool pprof cpu.prof\ngo tool pprof mem.prof\n```\n\n## Performance\n\n### 2020 Mac Mini M1\n\n```console\nname                      time/op  speed\nThreefish256/encrypt-8     85 ns   372 MB/s\nThreefish256/decrypt-8    111 ns   287 MB/s\nThreefish512/encrypt-8    234 ns   272 MB/s\nThreefish512/decrypt-8    363 ns   175 MB/s\nThreefish1024/encrypt-8   581 ns   220 MB/s\nThreefish1024/decrypt-8   685 ns   186 MB/s\n```\n\n### 2019 MacBook Pro 2.3GHz Intel i9\n\n```console\nname                      time/op  speed\nThreefish256/encrypt-16   124 ns   259 MB/s\nThreefish256/decrypt-16   156 ns   206 MB/s\nThreefish512/encrypt-16   338 ns   189 MB/s\nThreefish512/decrypt-16   310 ns   206 MB/s\nThreefish1024/encrypt-16  804 ns   159 MB/s\nThreefish1024/decrypt-16  778 ns   165 MB/s\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschultz-is%2Fgo-threefish","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fschultz-is%2Fgo-threefish","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschultz-is%2Fgo-threefish/lists"}