1 There are plenty of possible hashing algorithms in use. Some are forced
2 by standards, some are faster on hardware, some on 64-bit CPUs, some are
3 relatively new. So there is no single algorithm that will satisfy you in
4 every situation. That is why, Metalink4 files can contain many choices
7 Various utilities, various versions, various OS distributions have
8 different set of available/better options. That is why meta4ra-create
9 and meta4ra-check utilities have -hashes option, where you specify set
10 of supported algorithms and command line to run for their calculation.
11 -hashes is comma-separated list of colon-separated "name:cmdline" pairs.
12 -hashes "skein-512:skein512,sha512:libressl dgst -sha512"
13 option tells, that for calculation of Skein-512 you have to run skein512
14 command, and for SHA2-512 "libressl ..." one. They are invoked under
15 "/bin/sh -e -c" command, so pipelines are also allowable there. Data is
16 fed to their stdout and they are expected to print hash value in
17 hexadecimal form as a first (or single) column to stdout. First found
18 common algorithm is used by default for file verification in
19 meta4ra-check utility, so order in -hashes is important.
21 meta4ra-hashes-detect utility conveniently checks various predefined
22 known commands and outputs -hashes-compatible string for your system.
24 If you use "builtin" word as a command, then builtin implementation of
25 the hash will be used. By default, meta4ra does not require any
26 non-standard library dependencies, so it includes only SHA2-256 and
27 SHA2-512. Optionally you can run build-with-thirdparty script to enable
28 building with third-party libraries, including much more other hashes.
30 Only a few hashes are standardised:
31 https://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml
32 But meta4ra uses more of advanced and performant ones. They are listed
33 below in order of preference.
36 Ultimately fast hash, still considered cryptographically secure.
37 Out-of-box Merkle-tree gives ability to indefinitely parallelise for
38 >1KiB blocks. It runs faster than either MD5 or hardware-accelerated
39 SHA2-256. Runs several times faster with AVX512. It is reduced round
41 * blake2b-512, blake2b-256
42 Very fast hash, pretty widespread as a SHA2 replacement.
43 Both of its 512/256-bit variants are often met.
44 It is reduced round BLAKE, that was among SHA3 finalists.
46 Skein is fastest software hash among all SHA3 finalists, with huge
49 SHAKE is the officially recommended SHA3 mode of operation for general
50 usage. SHAKE256 as fast as software SHA2-512 with the comparable
51 security level. Can be very fast on specialised hardware.
53 SHA2 is rather slow, but has widespread availability. 512-bit version
54 version runs faster on 64-bit CPUs. However modern CPUs have hardware
55 accelerated SHA2-256, making it slower only than BLAKE3
56 * streebog-512, streebog-256
57 Russian Federation's government standard for hashing. Both versions
58 have identical speed, so 512-bit is preferred.
60 XXH3 is not a cryptographically secure hash (that is why it is at the
61 very end of the list), but 128-bit output with the speed of RAM makes
62 it also useful for integrity checking