Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:

> Is your concern CPU time or bandwidth (network/storage) or something else?

Yes.

> If it's CPU time: on some architectures SHA-512 implementations are faster
> than SHA-256 implementations (except for digests of very short messages):

A huge number of devices, and in particular ones with less CPU power, are
still 32-bit, and will remain so for a long time, probably more or less
indefinitely.
In addition, from the original post it was unclear whether -512 referred to
SHA2 or SHA3 (which is why I qualified my reply as SHA2-256 and SHA3-512).
SHA3 will be even worse than SHA2-512 in speed terms.
In terms of network/storage, there's the unnecessary use of 64-byte hashes
that I've already mentioned. For TLS and SSH you really don't need more than
maybe 64 bits (not bytes), and certainly 64 bytes is nothing more than a
pointless waste of space when you're sending lots of small data quantities
back and forth.
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp