SHA-2 uses a Merkle-Damgard construction like SHA-1 does, but is not widely believed to be vulnerable to the same attacks. SHA-3 was developed and standardized in part to mitigate future breaks in SHA-2, but those breaks have (so far) not materialized[1].
TL;DR: If all you need is a fast cryptographic digest, SHA-2 is still the gold standard. If you care about length-extension attacks, SHA-3's construction prevents them. If you're hashing passwords, you should use a KDF instead.
zamadatix|2 years ago
How are other algorithms fairing recently, anything else started tumbling over in the last few years?
woodruffw|2 years ago
TL;DR: If all you need is a fast cryptographic digest, SHA-2 is still the gold standard. If you care about length-extension attacks, SHA-3's construction prevents them. If you're hashing passwords, you should use a KDF instead.
[1]: https://www.imperialviolet.org/2017/05/31/skipsha3.html
jwilk|2 years ago
The earliest copy in the Wayback Machine is from 2020-01-07. That's also when it was first submitted to HN: https://news.ycombinator.com/item?id=21979333 (354 comments)
woodruffw|2 years ago
[1]: https://sha-mbles.github.io/Shambles_RWC.pdf
unknown|2 years ago
[deleted]