undefined | Better HN

0 pointsNovemberWhiskey1y ago0 comments

>SHA-512 is more computationally costly

In fact, as you suggested later, SHA-512 is actually much less computationally expensive on 64 bit machines - it has 25% more rounds, but you can do twice the number of bytes per round.

All other things being equal (which they seldom are), you will often see a significant speed improvement with SHA-512 vs. SHA-256 on larger payloads.

Of course, I immediately tried to test this with "openssl speed" on my M1 Mac and SHA-512 is 70% slower, so I guess there's some architectural optimization there.

0 comments

jaeckel1y ago

The answer is: dedicated CPU instructions for SHA256 vs. software implementation of SHA512. For amd64 there's SHA-NI, for Arm there's the crypto extensions, but both only provide sha256 (at least when I last looked at their specs)

mtndew4brkfst1y ago

Can the algorithm benefit from SIMD/AVX512? Not helpful for ARM Macs, I have one too, but might be a contributing factor to lower adoption since those instructions aren't as widespread. First consumer chips in ~2017 and first AMD chips in ~2022.

formerly_proven1y ago

The 32 bit variants are accelerated via SHA-NI on most CPUs, which inverts the performance ranking again, making SHA-256 the fastest common cryptographic hash by far.

NovemberWhiskeyOP1y ago

I did a quick check on a 2016-era Xeon E5 v4 (AVX2), and sha512 is much faster per openssl speed.

j / k navigate · click thread line to collapse