1. 6

  2. 2

    While it’s been selected, NIST has yet to update FIPS 180-5 (the official docs for the SHA), and there aren’t any PBKDF2 test vectors for it yet; we still have some time to wait before it’s adoptable in a NIST-compliant suite; for now, you should keep using SHA-256 (or SHA-512 if you know the code will only be run on 64-bit processors).

    For the interested, the Go crypto library has a SHA-3 implementation available. I looked around for a decent Python package that would work with PyCrypto, but as of a few weeks ago, I hadn’t found any really solid ones.

    1. 2

      I bookmarked this to read later because it looked promising. Now I’ve read it and my opinion has changed to terrible.

      This is the kind of testing I expect phoronix to perform. “Look, our benchmark has numbers. It’s scientific!” Not to mention screwing up the difference between microseconds and nanoseconds. Was no one else surprised sha3 can apparently hash a message in a mere 4 CPU cycles?