On 02/04/2012 08:02 PM, Hyrum K Wright wrote: > I don't know if apr has a sha256 implementation, but it wouldn't be hard to > find one.
I'll point out that we're nearing the end of a selection process for SHA-3, with a winner expected to be announced some time this year. The winner may wind up being faster than SHA-256 or even SHA-1. (For instance, one of the five finalists, Skein, is performance-competitive with SHA-1 according to numbers in a paper by its authors: http://www.skein-hash.info/sites/default/files/skein1.3.pdf) It sounds like wc-ng is somewhat hash-agile by virtue of the format number and upgrade process. It sounds like Ev2 may not be very hash-agile. If so, it's probably a bad idea to carve SHA-1 in stone, as it is already showing weaknesses. SHA-256 is likely to have a much longer useful lifetime, SHA-3 even more so. In a pinch, SHA-256 implementations can be pretty small; the one I have on hand is about 200 lines of code.
