--- /dev/null
+There are plenty of possible hashing algorithms in use. Some are forced
+by standards, some are faster on hardware, some on 64-bit CPUs, some are
+relatively new. So there is no single algorithm that will satisfy you in
+every situation. That is why, Metalink4 files can contain many choices
+of the hashes.
+
+Various utilities, various versions, various OS distributions have
+different set of available/better options. That is why meta4ra-create
+and meta4ra-check utilities have -hashes option, where you specify set
+of supported algorithms and command line to run for their calculation.
+-hashes is comma-separated list of colon-separated "name:cmdline" pairs.
+ -hashes "skein-512:skein512,sha512:libressl dgst -sha512"
+option tells, that for calculation of Skein-512 you have to run skein512
+command, and for SHA2-512 "libressl ..." one. They are invoked under
+"/bin/sh -e -c" command, so pipelines are also allowable there. Data is
+fed to their stdout and they are expected to print hash value in
+hexadecimal form as a first (or single) column to stdout. First found
+common algorithm is used by default for file verification in
+meta4ra-check utility, so order in -hashes is important.
+
+meta4ra-hashes-detect utility conveniently checks various predefined
+known commands and outputs -hashes-compatible string for your system.
+
+If you use "builtin" word as a command, then builtin implementation of
+the hash will be used. By default, meta4ra does not require any
+non-standard library dependencies, so it includes only SHA2-256 and
+SHA2-512. Optionally you can run build-with-thirdparty script to enable
+building with third-party libraries, including much more other hashes.
+
+Only a few hashes are standardised:
+https://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml
+But meta4ra uses more of advanced and performant ones. They are listed
+below in order of preference.
+
+* blake3-256
+ Ultimately fast hash, still considered cryptographically secure.
+ Out-of-box Merkle-tree gives ability to indefinitely parallelise for
+ >1KiB blocks. It runs faster than either MD5 or hardware-accelerated
+ SHA2-256. Runs several times faster with AVX512. It is reduced round
+ BLAKE2s.
+* blake2b-512, blake2b-256
+ Very fast hash, pretty widespread as a SHA2 replacement.
+ Both of its 512/256-bit variants are often met.
+ It is reduced round BLAKE, that was among SHA3 finalists.
+* skein-512
+ Skein is fastest software hash among all SHA3 finalists, with huge
+ security margin.
+* shake128, shake256
+ SHAKE is the officially recommended SHA3 mode of operation for general
+ usage. SHAKE256 as fast as software SHA2-512 with the comparable
+ security level. Can be very fast on specialised hardware.
+* sha-512, sha-256
+ SHA2 is rather slow, but has widespread availability. 512-bit version
+ version runs faster on 64-bit CPUs. However modern CPUs have hardware
+ accelerated SHA2-256, making it slower only than BLAKE3
+* streebog-512, streebog-256
+ Russian Federation's government standard for hashing. Both versions
+ have identical speed, so 512-bit is preferred.
+* xxh3-128
+ XXH3 is not a cryptographically secure hash (that is why it is at the
+ very end of the list), but 128-bit output with the speed of RAM makes
+ it also useful for integrity checking