fre 2012-11-30 klockan 12:38 +0100 skrev Niels Möller:
Simon Josefsson simon@josefsson.org writes:
fre 2012-11-30 klockan 12:56 +0700 skrev Ivan Shmakov:
While such a step would be logical, I'd like to note that while SHA-2 algorithms are widely known as SHA-256, etc., it's the SHA3-256, etc. forms that seems to be preferred for SHA-3.
I am inclined to agree -- the name "SHA256" seems to be more popular than "SHA2-256" or even "SHA2" according to Google hits. Grep RFCs that use the term "SHA256" and that is also the more common usage. Going back to the NIST specification:
[...]
If the naming in Nettle isn't an obvious mistake, I would prefer not to change things. However, I don't really care strongly.
If I may rephrase what you're both saying, it's that everybody else seems to be using the "mistaken" naming, and then it makes more sense for Nettle to stick to that common usage. That argument makes sense to me; maybe I got a bit carried away.
Even further than that, I think I'm saying that I would be inclined to disagree that SHA256 is a mistaken naming. What source do you have that says the name "SHA2-256" is the right name? From the sources I quoted, including FIPS 180-4, the name is "SHA256". I suggest, as a general rule, that naming should preferrably be consistent with what appears to be the most authorative specification available for each algorithm.
I think I'd still like to do the header split, sha.h -> sha1.h and sha2.h, for better consistency within Nettle, but that's less intrusive, and backwards compatibility is trivial, with a sha.h including both.
Yes, doing that split makes sense to me. SHA256 etc doesn't have much in common with SHA1, so they belong in separate header files. Putting SHA256 in sha.h might have been the earlier mistake, if any. The initial mistake might have been calling the header file sha.h instead of sha1.h.
/Simon