(This is probably old info for some of you.)
From my analysis, the difference in speed between sha2-256 and sha2-512 is
directly because of the use of 32-bit arithmetic vs 64-bit arithmetic. The
algorithms are essentially identical, not counting the underlying constants.
On machines where 64-bit arithmetic is faster than 32-bit arithmetic, sha2-512
will be faster than sha2-256. On machines where 32-bit arithmetic is faster
than 64-bit arithmetic, sha2-256 will be faster than sha2-512. On 8-bit or
16-bit machines, you’re going to be emulating either 32-bit arithmetic or
emulating 64-bit arithmetic; usually the 32-bit arithmetic will be faster. :-)
On another note, for Werner Koch: are you talking about truncating the value
from sha2-512(x) down to 200 bits, or using the FIPS 180-4 truncated
sha2-512/t(x,t) algorithm? There is a definite difference between the two. FIPS
180-4 defines differing underlying vectors for different lengths of t (the
truncation value).
Note that FIPS 180-4 defines the function for all positive values of t <512,
but only >approves< its use for 224 and 256. This might be an argument for use
224 instead of 200.
- Tony Hansen
On 3/16/17, 11:25 AM, "openpgp on behalf of Derek Atkins"
<openpgp-bounces(_at_)ietf(_dot_)org on behalf of derek(_at_)ihtfp(_dot_)com>
wrote:
Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
> On Tue, 14 Mar 2017 11:17, wk(_at_)gnupg(_dot_)org said:
>
>> What do others think:
>>
>> - Use SHA-256 and truncated to 200 bits
>> - Use SHA-512 and truncated to 200 bits
>> - Anything else
>
> No opinions?
Considering these days I work with very small systems, I'm in favor of
SHA2-256 because in my environments it's much faster. Even if SHA2-512
is faster on larger systems, the clock-wall time still gives SHA2-256
the advantage when you compare 256 vs 512 on a 16MHz 16-bit platform
versus a 32/64-bit 2GHz platform.
I.e., it doesn't bother me if SHA2-256 is a fraction of a millisecond
slower on a large system, but it's tens or hundreds of milliseconds
faster on the constrained device.
Thanks,
> Shalom-Salam,
>
> Werner
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_openpgp&d=DwICAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=Kz8VdgPVctDNSNPJ6PsBaw&m=vM6RhLQF242nU4VMyV4DjMhHsEUQeou96eZFYalUF6A&s=ksU0kzU9qTx2kcTtA-JsnQ1IE9CA8gsM-1iYvKPDFCU&e=
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp