My apologies, I forgot to address something: On Sat, Oct 21, 2017 at 12:50 PM, Hanno Böck <ha...@gentoo.org> wrote: > On Sat, 21 Oct 2017 12:12:44 -0500 > R0b0t1 <r03...@gmail.com> wrote: > >> That is precisely why I didn't suggest it be used on its own (see note >> about extant use of MD5), and why I gave alternatives. If it is >> desired that the hashes be computed quickly then weaker hashes will >> need to be used. One usually can't have both security and speed. > > You can have that. Blake2 is faster than any broken legacy hash. > And ripemd isn't particularly fast >
Fair enough, but it is new and may have security problems related to its operation that have not been found. This is hard to reason about, but I would note that many cryptographic standards are fairly conservative for similar reasons. Ease of computation reduces security. Respectfully, R0b0t1