how to phase in new hash algorithms?

Joseph Ashwood ashwood at
Mon Mar 21 01:08:09 EST 2005

----- Original Message ----- 
From: "Steven M. Bellovin" <smb at>
Subject: how to phase in new hash algorithms?

> We all understand the need to move to better hash algorithms than SHA1.
> At a minimum, people should be switching to SHA256/384/512; arguably,
> Whirlpool is the right way to go.  The problem is how to get there from
> here.
> So -- what should we as a community be doing now?  There's no emergency
> on SHA1, but we do need to start, and soon.

Phase 1 is to change the hash function choice from implicit to explicit. 
Specifically instead of having hash = "457253W4568MM48AWA2346", move to hash 
= "SHA-1:lq23rbp8yaw4tilutqtipyu.".

Then over time ratchet down the default.

There is also an easy argument that it may be beneficial to skip SHA-256 
entirely. The argument put succinctly is:
64-bit computing is arriving
on 64-bit systems SHA-512 is nearly twice as fast as SHA-256 (crypto++ 
SHA-512 is at least as strong, and faster.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list