
“Everyone should switch to (in order of preference): • BLAKE2b / BLAKE2s • SHA-512/256 • …”

You know, SHA-512/256 was a terrible name. For someone who’s not a cryptographer, it’s way too easy to confuse the single algorithm SHA-512/256, which resists length extension attacks, with the pair of algorithms SHA-512 / SHA-256, which do not.




"truncated sha512" would be a much better way to talk about it.


It isn't exactly truncated SHA-512 — that is, you can't compute a SHA-512/256 hash by computing a SHA-512 hash and then truncating it. Although the algorithm is the same as doing that, the initial state of the hash context is different.

(The same is true for SHA-224, which could be called SHA-256/224; it's a truncated SHA-256, but with a different internal state.)


True, that’s a good point.


Damn, I knew this and I'd forgotten it. Thanks for pointing it out.


That just goes to show how bad the name is. It doesn't trick you until before you learn, but it keeps on giving!



