Description
I might be missing something, but with the latest blake2 crate I am unable to use it in XOF fashion.
Here's my use case: input some data to blake2, then read an arbitrary number of bytes from it. This is a valid use case for implementing a DRBG from blake2 with a "seed" which is also arbitrarily long. Of course I can work around that by hashing the input to the size of some pseudo-RNG (like ChaCha8Rng), but as far as I understand, the contract for Rng is not to always keep the same output for the same seed (e.g. with the crate version change). I use this functionality quite extensively, as many crypto protocols use keyed pseudo-random functions and XOF was a pretty straightforward way to implement it, and it would be nice to have this implemented in blake2b.
Please advise.
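For reference, the use case described in this issue (arbitrary-length seed in, arbitrary-length deterministic output out, optionally keyed) can be sketched with fixed-output BLAKE2b alone. This is an added example, not code from the issue author or from the blake2 crate; it uses Python's standard `hashlib.blake2b`, and the extract-then-counter-mode construction, the function name and the personalization strings are assumptions made for illustration. It is not BLAKE2X, so its output does not match any standard XOF.

```python
import hashlib
import struct

BLOCK = 64  # maximum BLAKE2b digest size in bytes

# Hypothetical domain-separation labels (BLAKE2b allows up to 16 bytes).
PERSON_EXTRACT = b"ex-drbg-extract"
PERSON_EXPAND = b"ex-drbg-expand"


def blake2b_expand(seed: bytes, length: int, key: bytes = b"") -> bytes:
    """Deterministically expand `seed` into `length` pseudo-random bytes.

    Assumed construction: keyed BLAKE2b used as a PRF in counter mode.
    The same (seed, key) always gives the same stream, and a shorter
    request is a prefix of a longer one.
    """
    if length < 0:
        raise ValueError("length must be non-negative")
    if len(key) > 64:
        raise ValueError("BLAKE2b keys are limited to 64 bytes")

    # Step 1: compress the arbitrarily long seed (optionally under a
    # caller-supplied key) into a fixed 64-byte PRF key.
    prk = hashlib.blake2b(
        seed, digest_size=BLOCK, key=key, person=PERSON_EXTRACT
    ).digest()

    # Step 2: counter mode. Block i = BLAKE2b(key=prk, data=LE64(i)).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.blake2b(
            struct.pack("<Q", counter),
            digest_size=BLOCK,
            key=prk,
            person=PERSON_EXPAND,
        ).digest()
        counter += 1
    return bytes(out[:length])  # truncate the final block


if __name__ == "__main__":
    stream = blake2b_expand(b"constructed sample seed", 100)
    print(stream.hex())
```

Because the output depends only on BLAKE2b and the fixed framing above, it stays stable across library versions, which is the property the issue says a general-purpose Rng does not promise.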