On Wed, Sep 13, 2017 at 6:43 AM, demerphq <[email protected]> wrote: > > SHA3 however uses a completely different design where it mixes a 1088 > bit block into a 1600 bit state, for a leverage of 2:3, and the excess > is *preserved between each block*.
Yes. And considering that the SHA1 attack was actually predicated on
the fact that each block was independent (no extra state between), I
do think SHA3 is a better model.
So I'd rather see SHA3-256 than SHA256.
Linus
