fre 2012-11-30 klockan 12:56 +0700 skrev Ivan Shmakov:
Niels Möller writes:
With support for SHA3, it seems clear that nettle's naming for sha2 functions was a mistake. It should be "sha2_256", rather than "sha256".
While such a step would be logical, I'd like to note that while SHA-2 algorithms are widely known as SHA-256, etc., it's the SHA3-256, etc. forms that seems to be preferred for SHA-3.
There's a logic in keeping the things as they are, too. When SHA-1 was introduced, it supported only 160 bit size digests, so there was no need to mention the size explicitly. When SHA-2 appeared, it supported several sizes, but none of them coincided with the SHA-1's 160 bits, thus the “version” was apparent from the bit size. At last, came SHA-3, and being the later one, it has to bear its explicit version number.
I am inclined to agree -- the name "SHA256" seems to be more popular than "SHA2-256" or even "SHA2" according to Google hits. Grep RFCs that use the term "SHA256" and that is also the more common usage. Going back to the NIST specification:
http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
Quoting:
This Standard specifies secure hash algorithms - SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 - for computing a condensed representation of electronic data (message).
See also the wikipedia page, it never uses the term "sha2-256" but consistently use the term "SHA-256".
http://en.wikipedia.org/wiki/SHA-2
Is there any other authorative sources on SHA2 and what it should be called?
If the naming in Nettle isn't an obvious mistake, I would prefer not to change things. However, I don't really care strongly.
/Simon