Derek Atkins <derek(_at_)ihtfp(_dot_)com> writes:
I.e., it doesn't bother me if SHA2-256 is a fraction of a millisecond slower
on a large system, but it's tens or hundreds of milliseconds faster on the
constrained device.
+1.
Also, like AES' 256-bit option, I get the feeling that SHA-512 exists purely
for people who want their algorithms to go to 11. It doesn't solve any
obvious problem that SHA-256 doesn't already address, while leading to serious
practical issues when you're required to attach e.g. a 64-byte MAC to 5 bytes
of SSL payload.
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp