

Ask HN: What is your SHA Strategy? - TY
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/submissions_rnd2.html

======
TY
Does anyone on HN use any of these hashing functions? Or sticking to SHA2
family till SHA3 finalist is announced is your strategy? Or do you simply not
care at all and use SHA1 or MD5 because it's easy?

~~~
carbocation
Planning on sticking with SHA2 until SHA3 has been around for a few years. I
treat these things like Windows Service Packs. If I were a crypto expert
(tptacek?) I might see things differently, but since I'm not, I try to thread
the needle between falling too far behind, and cutting myself on the bleeding
edge.

~~~
tptacek
SHA1 won't kill you any time soon; people are not, despite the hype, rushing
to replace designs that depend on it.

SHA256 is the conservative default for new designs.

In 4-5 years, SHA256 will probably have the same role as DES-EDE: a
fundamentally sound design with unfavorable implementation properties (DES-EDE
has a 64 bit block size, SHA256 has MD padding and length extension
susceptibility), largely supplanted by something European.

