On 24/10/2017 06:11, Michał Górny wrote: > W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny > napisał: >> Three hashes don't give any noticeable advantage. If we want a diverse >> construct, we take SHA3. SHA3 is slower than SHA2 + BLAKE2 combined, so >> even with 3 threaded computation it's going to be slower. > > Oh, and most notably, the speed loss will be mostly visible to users. > An attacker would have to compute the additional hashes only > if the fastest hash already matched, i.e. rarely. Users will have to > compute them all the time.
I'm surprised to see bikeshedding about this, where the performance argument was shown to be speculative. Consider clarifying what's the goal of this thread. It seemed like a relatively obvious cleanup / modernizing the set of hash functions, and I'd still be supportive of that. Paweł
signature.asc
Description: OpenPGP digital signature
