Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes: > On Tue, Jul 24, 2018 at 12:01 PM Edward Thomson > <ethomson@xxxxxxxxxxxxxxxxx> wrote: >> >> Switching gears, if I look at this from the perspective of the libgit2 >> project, I would also prefer SHA-256 or SHA3 over blake2b. To support >> blake2b, we'd have to include - and support - that code ourselves. But >> to support SHA-256, we would simply use the system's crypto libraries >> that we already take a dependecy on (OpenSSL, mbedTLS, CryptoNG, or >> SecureTransport). > > I think this is probably the single strongest argument for sha256. > "It's just there". Yup. I actually was leaning toward saying "all of them are OK in practice, so the person who is actually spear-heading the work gets to choose", but if we picked SHA-256 now, that would not be a choice that Brian has to later justify for choosing against everybody else's wishes, which makes it the best choice ;-)
