Are there any advantages in using Digest::SHA over Digest::SHA1 or vice versa? Both seem to be maintained, but I don't see a reason for Digest::SHA1 to even exist with the existence of Digest::SHA.

+3  A: 

There is none. Digest::SHA1 is legacy, as is SHA1. Per the docs of Digest::SHA1:

> In 2005, security flaws were identified in SHA-1, namely that a possible mathematical weakness might exist, indicating that a stronger hash function would be desirable. The Digest::SHA module implements the stronger algorithms in the SHA family.

It clearly references Digest::SHA. The implementation in Digest::SHA is a bit faster than Digest::SHA1 (per the docs of Digest.pm -- what you should probably be using anyway).

Algorithm      Size    Implementation                  MB/s
SHA-1          160     Digest::SHA v4.3.1              58.9
SHA-1          160     Digest::SHA1 v2.10              48.8

Digest is a factory for all modules in the Digest namespace; it prioritizes Digest::SHA over Digest::SHA1. You could even argue Digest::SHA1 is twice over deprecated, as it was replaced by Digest::SHA2.

I believe it is probably useful to substantiate the term "deprecated" here. I simply mean that Digest::SHA1 isn't useful for non-SHA1 hashes that are still in the SHA family; other distros can handle more. Digest::SHA1 is also slower. To the best of my knowledge it is still supported and had a stable release not all that long ago: Digest-SHA1-2.13 - 03 Jul 2010 - Gisle Aas

Evan Carroll
The ::SHA module included SHA-2 algorithms as well... but if you *are* still planning on using SHA-1 that's really not an argument one way or another. I looked at the docs and didn't see anything to suggest that Digest::SHA1 was legacy or deprecated.
xenoterracide
@xenoterracide, Wrong, it is still an argument. Do you want to have both of them loaded in memory because some other module wishes to implement a hash in the same family that isn't SHA1? Do you want to depend on a different distribution with open bugs being maintained, when it only supports a subset of the functionality of the newer one -- and at that **it does it slower**...
Evan Carroll
That's a better argument ;) as opposed to talking about the security flaws which may or may not be relevant depending on what you're using it for.
xenoterracide
Another big reason to pick `Digest::SHA` over `Digest::SHA1` is that the former is a core library (as of Perl 5.10.0), and the latter isn't (and never will be).
cjm
A: 

Stuff that was written to use Digest::SHA1::sha1, or which (in a fit of silliness) does "Digest::$type"->new instead of Digest->new($type) might need Digest::SHA1. Other than that, Digest::SHA is preferred, and it will be used by default for Digest->new("SHA-1").

hobbs
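
The factory behaviour described in the answers above, as an added example that is not part of the original thread: it shows which backend class `Digest->new` selects on the local system, checks Digest::SHA's functional interface against the standard "abc" test vector, and probes the hard-coded `"Digest::$type"->new` style. The helper names `digest_via_factory` and `class_usable` are hypothetical, and the sample input is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest;                               # the factory module
use Digest::SHA qw(sha1_hex sha256_hex);  # core since Perl 5.10

# Constructed sample input: the standard "abc" test vector and its digests.
my $data     = 'abc';
my %expected = (
    'SHA-1'   => 'a9993e364706816aba3e25717850c26c9cd0d89d',
    'SHA-256' => 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad',
);

# Hash through the factory; return the backend class it chose and the digest.
sub digest_via_factory {
    my ($type, $input) = @_;
    my $ctx     = Digest->new($type);
    my $backend = ref $ctx;
    return ($backend, $ctx->add($input)->hexdigest);
}

# The "Digest::$type"->new style: works only if that exact class is installed.
# (class_usable is a hypothetical helper name for this example.)
sub class_usable {
    my ($class) = @_;
    (my $file = "$class.pm") =~ s{::}{/}g;
    return eval { require $file; $class->new; 1 } ? 1 : 0;
}

for my $type (sort keys %expected) {
    my ($backend, $hex) = digest_via_factory($type, $data);
    die "$type digest mismatch\n" unless $hex eq $expected{$type};
    print "Digest->new('$type') -> $backend: $hex\n";
}

# Functional interface: Digest::SHA exports the same sha1_hex name as Digest::SHA1.
die "sha1_hex mismatch\n"   unless sha1_hex($data)   eq $expected{'SHA-1'};
die "sha256_hex mismatch\n" unless sha256_hex($data) eq $expected{'SHA-256'};

# Hard-coded class names tie the caller to one distribution.
for my $class (qw(Digest::SHA1 Digest::SHA256)) {
    printf "%-15s usable via \"\$class\"->new: %s\n", $class,
        class_usable($class) ? 'yes' : 'no';
}
```

The last loop's output depends on which distributions are installed locally, which is the portability problem with hard-coding the class name.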