1. 5

  2. 2

    I wonder if all the people freaked out about RdRand are going to freak out about this, as well.

    1. 2

      Obviously the NSA paid them off to include only SHA256 support instead of the more secure SHA512.

    2. 1

      Wonder why they didn’t include SHA384. Don’t some of the higher security TLS 1.2 cipher suites utilize that?

      1. 2

        More pain, less gain. SHA512 requires more than twice the transistors iirc, and it’s less common. Intel implements instructions to speed up what people are doing more so than what Intel thinks they should be doing.

        On the other hand, if they had implemented only SHA3, I think that would encourage adoption. “The one that’s hardware accelerated” becomes the obvious choice when picking a hash algorithm.