On Dec 12, 2011, at 10:29 PM, Marsh Ray wrote: > On 12/12/2011 12:55 PM, Yoav Nir wrote: >> >> On Dec 12, 2011, at 5:52 PM, Marsh Ray wrote: >>> >>> It's already somewhat ambiguous now that NIST has >>> defined SHA[-2]-512/256. >>> >>> http://csrc.nist.gov/publications/PubsDrafts.html#fips-180-4 >> >> Then that is what it must be called: "sha2-512/256". I think that's a legal >> string in HTTP headers. >> >> Supposedly this is faster on 64-bit applications. I wonder if that is true >> in practice. > > SHA-2-512/256 should perform identically to plain SHA-2-512. It's the > same function only with a different IV.
Yes, and the claim in the original paper was that SHA2-512 was faster on 64-bit systems than SHA2-256. I haven't verified this. > This site is dedicated to benchmarking hash functions: > http://bench.cr.yp.to/results-hash.html > > It doesn't appear to be faster than, say, SHA-1, SHA-2-512 but does not > appear to be subject to the same attacks either. > >> So far, I have seen no implementations of this hash function. > > I made one for use at work, but it's only a minor adjustment to the RFC > 6234 SHA-2-512 reference code. I did that as well. _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
