
I didn't expect such attacks to exist, thanks for bringing that up. However, that Wikipedia page seems to say SHA-256 is OK since it's truncated?


SHA-256 is not truncated. "SHA-512/256" is truncated. It means you do SHA-512 (with a different starting state) and then throw out half.


SHA-224 and SHA-384 are the truncated versions of SHA-256 and SHA-512 respectively.

My boring hash function of choice is SHA-384. The SHA-512 computation is faster on Intel hardware, and ASICs to crack it are far more expensive than SHA-256 because of Bitcoin.

If you're hashing passwords or something, use a "harder" hash like Argon2 or Scrypt.


SHA-512 is faster only on Skylake derivatives up to Comet Lake and on older Intel Core CPUs.

On Intel Atom starting with Apollo Lake (2016) and on Intel Core starting with Ice Lake (2019) and on all AMD Zen CPUs (2017), SHA-256 is implemented in hardware and it is much faster than SHA-512.



